local storage vs cookie performance

Question

I am working on a mobile web site (mostly for Android) and I would like to store a string (around 20 characters) on client side. I wonder which way is more efficient on performance wise, local storage or cookie? I will use JavaScript to write both cookie or local storage. Server is not going to work in any part to create cookie.

I found some test results for this but they didn't seem accurate to me. And also found some questions on stack overflow but they didn't answer my question too. If is there anyone who knows a good article or test please help.

Answer 1

There is a test you can run in your browser with jsPerf here. On my Ubuntu with Chrome the test shows reading localStorage to be faster than reading cookies but writing localStorage to be slower than writing cookies.

Answer 2

May I ask how you would like to measure 'efficiency' / 'performance'?

For example you might be measuring in terms of network/data usage, or perhaps you might be measuring in terms of latency, or maybe in terms of how "noticeable" it is by the user.

I also ask about how important security is on this site.

Personally I have a knee-jerk reaction against making cookies accessible via JavaScript, especially when it comes to session management. cf:

• HttpOnly,
• a more accessible introduction to HttpOnly,
• and the Cookie-specific OWASP guidance on session management).

How frequently will these requests be made?

If it once/hour, once/minute, or once/second will affect the conclusion. A couple of seconds of lag at these different frequencies will all be felt by the user in different ways.

Tailor the conclusion to the situation you shall be deploying in.

The final question I have is how this session ID will be sent to the API.

Is it included in every AJAX request? Every page load? If it is in every AJAX request but not every HTTP request?

.. to actually answer your question:

Without seeing your design/intentions, without having answers to the above questions, and considering this only on a performance/latency basis: I assume that localStorage will only be of benefit as you are able to selectively choose when to transmit the session id (but this depends on the code used to 'selectively choose' - if it is being sent on every request then it shouldn't matter significantly anyway).

I would suggest having a think about whether the performance gains are required (cf premature optimisation and testing in the environment you will be deploying, rather than testing in a standalone environment) and whether the security implications are of any concern (not strictly necessary in all cases, eg ad tracking vs a banking app).

Essentially, this is a wordy way of saying "it depends"!

Answer 3

Even if I can't come up with some jsPerf examples, localStorage access times should definitely be faster than reading out cookies. But thats not your only concern on that context, especially when you're dealing with mobile devices where request times and performance is cruicial.

That means, cookies will get attached to HTTP Request whereas localStorage data will not.

My suggestions clearly is the localStorage.