DEV Community

loading...

Discussion on: Cookies vs Local Storage

Collapse
pragativerma18 profile image
Pragati Verma Author

Hey Asim, ideally, you can't secure local storage and it is not recommended to store any sensitive data in local storage. You can try and encrypting it, but there is a catch. Encrypting it on the client is possible, but would mean the user has to provide a password and you have to depend on not-so-well-tested javascript implementations of cryptography.

Encrypting on the server side is of course possible, but then the client code cannot read or update it, and so you have reduced localStorage to a glorified cookie.

If it needs to be secure, its best to not send it to the client. What is not in your control can never be secure.