Is it safe to store tokens to JS Local Storage?

I am making a file hosting service.
I need to know if it's safe to store tokens in Local Storage after user authentication.

Upvotes: 1

Views: 734

Answers (2)

ClementNerma

Reputation: 1109

There are two problems when using localStorage:

  • It can be cleaned at any moment by a tool (e.g. CCleaner) or when the user manually cleans the browser's data;
  • Anyone (applications...) can read it. And any app can write to it too.

So, depending on what you store, it would be a security issue...

But why do you want to use localStorage instead of standard cookies?

Upvotes: -2

AlexG

Reputation: 4045

Depends what kind of token really.

If they're OAuth2 bearer tokens, it's safe to store them: after all, the server will later know whether that token is too old and will ask you to renew it.

If it's an OAuth2 refresh token, on the other hand, it should never even reach the client.

Other kinds of token? It will depend on their characteristics.

Upvotes: 3
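An added example, not part of either answer: a server-side sketch in which the server decides whether a bearer token is too old and the refresh token never appears in what the browser receives. The function names, the in-memory stores, the session id and the 15-minute lifetime are all assumptions made for illustration.

```javascript
// Added example: server-side handling of an access token and a refresh token.
// Every name and lifetime here is an assumption, not code from the page.
// Web Crypto is a global in current Node.js; older versions expose it on the module.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const ACCESS_TTL_MS = 15 * 60 * 1000; // assumed access-token lifetime: 15 minutes

const accessTokens = new Map();  // access token -> { userId, expiresAt }
const refreshTokens = new Map(); // session id   -> { token, userId }, server-side only

function randomToken() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Called after a successful login. Returns only what the browser may keep.
function issueTokens(userId, sessionId, now = Date.now()) {
  const accessToken = randomToken();
  accessTokens.set(accessToken, { userId, expiresAt: now + ACCESS_TTL_MS });
  refreshTokens.set(sessionId, { token: randomToken(), userId });
  // The refresh token is deliberately absent from the client payload.
  return { access_token: accessToken, token_type: "Bearer", expires_in: ACCESS_TTL_MS / 1000 };
}

// Run on every API request: the server decides whether the token is too old.
function validateAccessToken(token, now = Date.now()) {
  const entry = accessTokens.get(token);
  if (!entry) return { ok: false, reason: "unknown" };
  if (now >= entry.expiresAt) {
    accessTokens.delete(token); // expired tokens are dropped from the store
    return { ok: false, reason: "expired" };
  }
  return { ok: true, userId: entry.userId };
}

// Renewal uses the refresh token held on the server for this session
// (the session id is assumed to arrive with the request, e.g. in a cookie).
function renew(sessionId, now = Date.now()) {
  const held = refreshTokens.get(sessionId);
  if (!held) return null; // no server-side refresh token: the user must log in again
  return issueTokens(held.userId, sessionId, now);
}
```

When `validateAccessToken` reports `expired`, the client asks for a renewal and stores the new `access_token` in place of the old one.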
