by shk1338
3063 days ago
OMG, he tells us not to store anything security-critical in Local Storage but advises storing an encrypted session in Cookies instead! He says that any JS code on the page can access Local Storage, but he doesn't mention that Cookies can be accessed by JS as well as Local Storage. And also, Cookies will be sent with each request even if the request target is an image or a CSS file, while with Local Storage you can decide which data should be sent with each individual request. He says that Local Storage can store strings only, but he doesn't tell us that Cookies are even worse than this: it's JUST ONE string at all. After that he talks about Cookie-related CSRF attack prevention, which is not needed with Local Storage. Doesn't he contradict himself?