+ 1
How is HTML5 Web Storage more secure than JavaScript Cookies?
This SoloLearn HTML5 course tells me that one advantage of HTML5 web storage over JavaScript cookies is that they are more secure. How is web storage more secure than cookies? How do web storage accomplish this? What was the limitations of Javascript cookies that made it less secure than web storage?
2 Answers
+ 1
Okay. Thanks to this thread from Stack Overflow, now I'm able to answer this problem. https://stackoverflow.com/questions/23687705/does-html5-web-storage-localstorage-offer-a-security-advantage-over-cookies
Basically, what they said is: "There isn't much of a security benefit of using localStorage as opposed to cookies. The difference between the two is because the goal is different: localStorage can be used for things you'll only use in JavaScript, whilst cookies can be used for storing things you need on the server (as well)."
It was also mentioned that cookies expire, while localStorage can indefinitely stay on the client side - potentially making it less secure than cookies.
But still, this conflicts with what the HTML course here says (that web storage is more secure than cookies). So I'm guessing that the reason why cookies are less secure is because it is sent every HTTP request, so if your connection with the server is not encrypted (i.e. does not use an HTTPS protocol - HTTPS/TLS or HTTPS/SSL), then a man-in-the-middle is able to see the data (including cookies) that are being sent from the client to the server.
Anyways, if you're reading this, and believes that I am wrong, please feel free to correct me, or engage to a conversation with me. I just need this question from last week answered. Thank you and have a nice day.
+ 1
With HTML5 web storage, websites can store data on a user's local computer. Before HTML5, we used Javascript cookies to store data.
Web storage is more secure and also, it's faster and can store larger amount of data.