loading...

re: Please Stop Using Local Storage VIEW POST

TOP OF THREAD FULL DISCUSSION
re: Doesn't this approach have the same security flaw as storing an authorization token in the local storage? I mean, every JS code is going to be able...
 

Well, yes. As Randall points out above, he was referring to httpOnly cookies, which cannot be read or written to from client side JavaScript. I think that paragraph just lacked that context. Client side cookies are just as susceptible to XSS attacks as localStorage. I just didn't agree that just cookies needed a server to write them, httpOnly cookies do though.

code of conduct - report abuse