by nathan_long
2476 days ago
> Could we just avoid cookies altogether, and store session info in local storage?

Several possible issues there:

- If the session is large, it eats space on the user's machine and bandwidth in requests
- The session can't be shared across devices
- Security concerns. You don't want to trust the user to tell you what their current state is - especially if it's "I have this much money in my account" and the like. Even if you encrypted the data, they could resend the same state at a later time - "oh look, I have a full wallet again!" You're much safer if all the user sends is "here's who I am" and every bit of associated information is under your control server-side.
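
The replay concern in the comment above, as an added example that is not part of the original comment: design A keeps the balance in a client-held blob, design B keeps it server-side behind an opaque id. An HMAC tag stands in for encryption here (the replay property is the same either way), and all function names, the key and the sample values are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed demo key, never leaves the server
SESSIONS = {}  # design B: server-side store, keyed by an opaque session id

def _tag(body: str) -> str:
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def seal(state: dict) -> str:
    """Design A: serialize state plus a MAC; the client stores the whole blob."""
    body = json.dumps(state, sort_keys=True)
    return body + "." + _tag(body)

def unseal(blob: str) -> dict:
    """Reject modified blobs. An old, unmodified blob still verifies."""
    body, _, tag = blob.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        raise ValueError("bad tag")
    return json.loads(body)

def spend_client_state(blob: str, amount: int) -> str:
    """The balance is whatever the presented blob says it is."""
    state = unseal(blob)
    if state["balance"] < amount:
        raise ValueError("insufficient funds")
    state["balance"] -= amount
    return seal(state)

def login_server_state(balance: int) -> str:
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"balance": balance}
    return sid

def spend_server_state(sid: str, amount: int) -> int:
    """The client sends only its id; the balance is read from the server's copy."""
    state = SESSIONS[sid]
    if state["balance"] < amount:
        raise ValueError("insufficient funds")
    state["balance"] -= amount
    return state["balance"]
```

In design A the tag stops edits to the blob but not resubmission of an earlier one; in design B the same id always resolves to the server's current record.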