DEV Community

Elango Sundar
Elango Sundar

Posted on

Difference between local storage vs cookies

What is the main Difference between local storage vs cookies?
Can you explain with example:

Top comments (4)

Collapse
 
sualko profile image
Klaus Herberth

A cookie is basically just information (a string) in the HTTP header. It can therefore be modified on client and server side.
The local/session storage is a key/value store in your browser and can therefore only be access on the client-side.

Collapse
 
tarialfaro profile image
Tari R. Alfaro • Edited

On a note, no one should be putting sensitive data in the Local Storage. This includes session IDs and JWTs. They are vulnerable if there is ANY possible XSS vulnerabilities, and while SQL Injection attacks today are mostly because of old tech, we are still finding XSS vulnerabilities.

Collapse
 
sualko profile image
Klaus Herberth

I think this is true for every client side storage. It doesn't matter if it's stored in a cookie, indexdb or local storage. Tari is right. Never store sensitive data in such a storage.

Collapse
 
ujwaldhakal profile image
ujwal dhakal