About
This page is about client-side data (i.e. stateless session) in the browser.
Data Store
Browser Native
- WebStorage - name/value pairs - Method of storing data locally like cookies, but for larger amounts of data (sessionStorage and localStorage, used to fall under HTML5).
- WebSQL (no longer supported)
Library
In-browser databases that wrap browser storage capabilities:
- PouchDB (can sync with a CouchDB database)
Format
Security
Secure or sensitive data should not be stored persistently in browser data stores, which should be treated as insecure storage.
- Valid Data: name, email, phone number
- Not valid Data: credentials, credit card numbers.
Because the Web Storage mechanisms are APIs, they can be accessed from injected scripts, making them less secure than cookies with the HttpOnly flag applied.
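One way to check a storage area against the valid / not valid split above, as an added example that is not part of the original page: a heuristic audit that flags credential-like key names, JWT-shaped values and Luhn-valid card numbers. The names auditStorage and makeStorage, the patterns and the sample entries are assumptions made for illustration.

```javascript
// Heuristic audit of any object exposing the Storage interface: length, key(i), getItem(k).
const SENSITIVE_KEY = /pass(word|wd)?|secret|token|credential|api[-_]?key|card|cvv/i;
const JWT_SHAPE = /^[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]*$/;

// Luhn checksum separates card-number-shaped digit runs from other long numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

function containsCardNumber(value) {
  // 13 to 19 digits, optionally separated by spaces or dashes.
  const candidates = value.match(/\b(?:\d[ -]?){12,18}\d\b/g) || [];
  return candidates.some(c => luhnValid(c.replace(/[ -]/g, "")));
}

function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = String(storage.getItem(key));
    const reasons = [];
    if (SENSITIVE_KEY.test(key)) reasons.push("sensitive key name");
    if (JWT_SHAPE.test(value)) reasons.push("JWT-shaped value");
    if (containsCardNumber(value)) reasons.push("card number (Luhn valid)");
    if (reasons.length) findings.push({ key, reasons });
  }
  return findings;
}

// Constructed stand-in for localStorage so the example also runs outside a browser.
function makeStorage(entries) {
  const keys = Object.keys(entries);
  return { length: keys.length, key: i => keys[i], getItem: k => entries[k] };
}

// Constructed sample data; in a page, call auditStorage(localStorage) instead.
const sample = makeStorage({
  name: "Ada Example",
  phone: "+1 555 0100",
  authToken: "eyJhbGciOiJub25lIn0.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl",
  checkout: '{"pan":"4111 1111 1111 1111"}',
});
console.log(JSON.stringify(auditStorage(sample)));
```

The key-name pattern is a heuristic and will also flag harmless keys that happen to contain those substrings, so treat findings as items to review rather than confirmed leaks.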