I don't want to be rude, but I'm afraid you don't know what you're talking about.
First of all, don't compare two different things. Cookies store small pieces of information that are sent to the server automatically, while the web storage API is designed to process various types of data and use them locally (in most cases).
I will tell you a story that happened to me.
I once found XSS on a website and it was so hard to hack accounts because of the httponly flag.
Without this flag, it would have taken me a minute to hack any account, and what's more, I could have hacked any account silently, but this f***g flag ruined my plans.
I had to write some scripts. One script logged the user out, the second forced the user to log in, and the last one stole the user's password.
All this was more difficult to implement, and it didn't allow me to hack any account for many reasons. To top it all off, this XSS was fixed because some users were reporting it.
This simple flag saved this site from destruction.
I dont want to be rude, but I'm afraid you missed my point entirely...
- and yes, you're being a bit rude begining a sentence by "I dont want to be rude" and explaining to me what a cookie is like I'm 5 ... or at least a tad condescending
I don't want to be rude, but I'm afraid you don't know what you're talking about.
First of all, don't compare two different things. Cookies store small pieces of information that are sent to the server automatically, while the web storage API is designed to process various types of data and use them locally (in most cases).
I will tell you a story that happened to me.
I once found
XSSon a website and it was so hard to hack accounts because of thehttponlyflag.Without this flag, it would have taken me a minute to hack any account, and what's more, I could have hacked any account silently, but this f***g flag ruined my plans.
I had to write some scripts. One script logged the user out, the second forced the user to log in, and the last one stole the user's password.
All this was more difficult to implement, and it didn't allow me to hack any account for many reasons. To top it all off, this
XSSwas fixed because some users were reporting it.This simple flag saved this site from destruction.
I dont want to be rude, but I'm afraid you missed my point entirely...
- and yes, you're being a bit rude begining a sentence by "I dont want to be rude" and explaining to me what a cookie is like I'm 5 ... or at least a tad condescending
Entirely !!!