
Browser Storage

| Feature | localStorage | sessionStorage | cookies |
| --- | --- | --- | --- |
| Storage Capacity | ~5–10 MB | ~5 MB | ~4 KB |
| Expires | Never (until cleared) | On tab close | Optional (set by expires) |
| Accessible by | Browser (client only) | Browser (client only) | Browser + Server |
| Data Type | String | String | String |
| Scope | All tabs (same origin) | Single tab/window | Domain/path-based |
| Auto-sent to server? | No | No | Yes |
| Best for | Long-term preferences | Temporary session data | Authentication / Tracking |

Security Notes

| Concern | Explanation |
| --- | --- |
| XSS (Cross-Site Scripting) | If an attacker injects JS, they can read your local/session storage. Always sanitize inputs. |
| Cookies | Should use HttpOnly and Secure flags to prevent JavaScript access and ensure HTTPS-only transmission. |
| Sensitive Data | Never store passwords or tokens in plain text in localStorage or cookies. |
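
One way to check the cookie guidance above during a review: the following added example (not part of the original page) parses `Set-Cookie` header values and reports cookies that lack `HttpOnly` or `Secure`, or whose name=value pair exceeds the ~4 KB cookie capacity. The function names, the 4096-byte threshold and the sample headers are assumptions constructed for illustration.

```javascript
// Added example: audits Set-Cookie header values for the flags named in Security Notes.
const MAX_COOKIE_BYTES = 4096; // assumption: the page's "~4 KB" taken as 4096 bytes

// Split one Set-Cookie value into name, value and a Map of lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? '' : pair.slice(0, eq).trim();
  const value = eq === -1 ? pair : pair.slice(eq + 1).trim();
  const attrs = new Map();
  for (const attr of rest) {
    if (!attr) continue; // tolerate a trailing ';'
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : attr.slice(i + 1).trim());
  }
  return { name, value, attrs };
}

// Return the cookie name plus a list of findings (an empty list means it passes).
function auditSetCookie(header) {
  const { name, value, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.has('httponly')) findings.push('no HttpOnly: readable from document.cookie');
  if (!attrs.has('secure')) findings.push('no Secure: can be sent over plain HTTP');
  const size = new TextEncoder().encode(`${name}=${value}`).length;
  if (size > MAX_COOKIE_BYTES) {
    findings.push(`name=value is ${size} bytes, over ${MAX_COOKIE_BYTES}`);
  }
  return { name, findings };
}

// Constructed sample headers (not captured from a real site).
const SAMPLE_HEADERS = [
  'session_id=constructed-value; Path=/; HttpOnly; Secure; SameSite=Lax',
  'auth_token=constructed-value; Path=/; secure',
  'theme=dark; Max-Age=31536000;',
  'blob=' + 'x'.repeat(5000) + '; HttpOnly; Secure',
];

for (const h of SAMPLE_HEADERS) {
  const { name, findings } = auditSetCookie(h);
  console.log(name, findings.length ? findings : 'ok');
}
```

Attribute names are matched case-insensitively, so `secure` and `Secure` are treated the same, as browsers do.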