Reputation: 885
Currently I am storing user information in localStorage, but for some reason something tells me that this must be wrong due to security or something else... What would be the best practice to pass the user information, for example user_id, into an HTTP call later?
If I store user_id in localStorage, someone can change it and make calls on behalf of someone else's user_id. Could anyone suggest to me the best practice for achieving this, so that no one can manipulate the logged-in user's information?
One way I was thinking of is to always call users/me, get the user info, and then make the other call. Would this be a better way?
Upvotes: 1
Views: 8571
Reputation: 89
Each time a user logs into your application you must authenticate them on the server side, and use either a server-side session (which uses a cookie) or some sort of auth token for requests back to your server.
It seems like you probably have an insecure web application if a request can be spoofed simply by changing a user id, though.
You can store something like a user id or user name in local storage, so long as you are only using it for a "remember me" feature, to populate a form field for example.
Upvotes: 2