Reputation: 37474

Deleting localStorage data

What vulnerabilities do i face, when coding a web app utilising localStorage, of a user inadvertently or deliberately delete localStorage data?

I'm happy to put a button saying "Delete my data", this is under my control, but are there ways beyond my control that localStorage data may be deleted? Or not used (ie. Incognito mode/private browsing mode)?

Thanks

Upvotes: 11

Answers (3)

user1011562

Reputation: 21

Here's what we found a user can do on iPhone IOS4 and iPad IOS4.

Kill Safari Double tap your "action button", press and hold the safari button that shows up on the bottom. When the circle with an x in the middle shows up, click the x.

Clear the Safari cache Settings | Safari | Clear cache

Start Safari back up

Bad news - all sites local storage is cleared, not just yours!

Upvotes: 2

zzzzBov

Reputation: 179086

Anyone can call localStorage.clear() from the console or location bar at any time. It's possible for a bookmarklet to be used to do the same thing.

Treat localStorage with the same volatility you'd treat a cookie. Assume that it can disappear at any time. It's best used for user-settings and temporary data. If a user clears it, be prepared to use default fall-backs or start the process over.

Upvotes: 10

Tarek

Reputation: 3798

localStorage is editable by the user , it's similar to the cookies .

User can delete / edit it if he wants , so you should make ur tests on server sides ...

here's an example of how angry birds got hacked ...

http://thenextweb.com/apps/2011/05/11/angry-birds-for-chrome-already-hacked-unlocking-all-levels/

     var i = 0; 
     while (i<=69) { 
       localStorage.setItem('level_star_'+i,'3'); 
       i++; 
      }
     window.location.reload();

Upvotes: 8

Deleting localStorage data

Answers (3)

Related Questions