Why is localStorage not used instead of cookies? (and in other cases)

According to MDN, it is supposed to be more secure than cookies for storing persistent data on the client.

However, checking localStorage on facebook.com, twitter.com and linkedin.com, I see that it is not in use.

Oddly enough, linkedin has a localStorage key (in localStorage) when logging in, but trying to access it causes an error.

+6
3 answers

My guess (I hope this qualifies as an answer):

Web Storage is compatible with most common browsers: http://caniuse.com/namevalue-storage.

For things that don't need to go with a session: what is likely to happen is that cookies are the most well-known and easy to use. There are many mid-skilled companies who will run away when confronted with things outside their comfort zone.

Edit after Reply to Python Fanboy (+1 from me): read his answer.

+4

localStorage has this flaw, which cookies do not have: stored values are not sent automatically with all HTTP requests; therefore, without additional implementation, your server will not know what is stored in the browser's localStorage.

localStorage is supported in IE starting with IE8.

+4

According to MDN, it is assumed that it is more secure than cookies to store persistent data on the client.

Taking a quick look at the Facebook cookie, for example, I see things like userid, authentication tokens, chat presence indicator and window size. (Not posting my cookie here for obvious reasons.)

The function that makes cookies “less secure” (cookies are sent with an HTTP request) is the function that they need in this case, because it is part of their communication protocol. Authentication identifiers are useless if they are not also sent to the server for authentication.

Simply put, they do not use localStorage in this case, because they are not trying to store things locally.

+2
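
What the second and third answers describe, as an added example that is not code from the thread or from any of the sites mentioned: a server sees a cookie because the browser attaches it, while a localStorage value arrives only if client code copies it into the request. The cookie name `sid`, the storage key `authToken`, the helper names and the session/token tables are hypothetical, constructed for illustration.

```javascript
// Server side: parse the Cookie header the browser attaches on its own.
// Values are taken verbatim (no percent-decoding) to keep the example small.
function parseCookies(header = "") {
  const out = {};
  for (const pair of header.split(";")) {
    const i = pair.indexOf("=");
    if (i > 0) out[pair.slice(0, i).trim()] = pair.slice(i + 1).trim();
  }
  return out;
}

// Constructed sample data standing in for the server's session and token stores.
const SESSIONS = new Map([["s3ss10n", "alice"]]);
const TOKENS = new Map([["t0k3n", "alice"]]);

// Server side: identify the user from what actually arrived in the request.
function authenticate(headers) {
  const sid = parseCookies(headers.cookie).sid;
  if (sid && SESSIONS.has(sid)) return { user: SESSIONS.get(sid), via: "cookie" };
  const m = /^Bearer (.+)$/.exec(headers.authorization || "");
  if (m && TOKENS.has(m[1])) return { user: TOKENS.get(m[1]), via: "header" };
  return null; // nothing in the request identifies the user
}

// Client side: the "additional implementation" localStorage needs.
// `storage` is window.localStorage in a browser; any object with getItem() works.
function withStoredToken(storage, init = {}) {
  const token = storage.getItem("authToken");
  if (!token) return init;
  return { ...init, headers: { ...init.headers, Authorization: `Bearer ${token}` } };
}

// Minimal Storage stand-in so the example runs outside a browser.
function memoryStorage(entries) {
  const m = new Map(Object.entries(entries));
  return { getItem: (k) => (m.has(k) ? m.get(k) : null) };
}

// Lower-case header names, the way Node's http module presents them to a handler.
function asReceived(init = {}) {
  const pairs = Object.entries(init.headers || {});
  return Object.fromEntries(pairs.map(([k, v]) => [k.toLowerCase(), v]));
}
```

In a browser the client call would be `fetch(url, withStoredToken(window.localStorage))`; a plain `fetch(url)` to the same origin carries the cookie but nothing from localStorage.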

Source: https://habr.com/ru/post/952435/

