Also probably worth noting that localStorage probably shouldn’t be used for sensitive information (like user passwords, session identifiers, etc.) as it’s susceptible to XSS attacks.


Good point, I'll make an update.


What do you think about Firebase auth being in localStorage by default?

Although it can be set in cookies as well. I tried, but I failed...


Hmm, ideally you don’t wanna be putting any sensitive data in local storage as it's openly accessible via JS. What problems did you have with configuring your session via cookies?

  • How do I get csrfToken from the server? Another HTTPS request, or just js-cookie? There is no form or template rendering here...
    • Actually, IIRC, a cookie is just a string to be parsed.
  • I want to persist not only the session itself, but also user credentials.
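
The cookie-based setup discussed in this thread, as an added example that is not part of any comment above: the session id goes in an `HttpOnly` cookie that page script cannot read, and the CSRF token goes in a second, script-readable cookie that the client echoes back in a request header (the double-submit pattern). The cookie names, the `x-csrf-token` header and the function names are assumptions chosen for illustration.

```javascript
// Added example (Node.js, no framework). Names here are hypothetical.
const { randomBytes, timingSafeEqual } = require("node:crypto");

// Build the Set-Cookie values for a freshly authenticated session.
function issueCookies(sessionId) {
  const csrfToken = randomBytes(32).toString("hex");
  return {
    csrfToken,
    setCookie: [
      // HttpOnly: document.cookie and injected script cannot read the session id.
      `session=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`,
      // Deliberately not HttpOnly: page script reads it and sends it as a header.
      `csrfToken=${csrfToken}; Path=/; Secure; SameSite=Lax`,
    ],
  };
}

// A Cookie request header is "name=value; name=value"; split on the first "=".
function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i < 0) continue;
    out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Accept a state-changing request only if the header token matches the cookie.
// A cross-site form post carries the cookie but cannot set the header.
function csrfOk(req) {
  if (["GET", "HEAD", "OPTIONS"].includes(req.method)) return true;
  const a = Buffer.from(parseCookies(req.headers.cookie).csrfToken || "");
  const b = Buffer.from(req.headers["x-csrf-token"] || "");
  return a.length > 0 && a.length === b.length && timingSafeEqual(a, b);
}
```

With this layout an XSS payload can still read the `csrfToken` cookie, but the session id itself never becomes visible to script, which is the difference from keeping it in localStorage.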
