Search Hashnode

Search posts, tags, users, and pages

Comment by Apoorv Tyagi on "How to Save User's Data Persistently in Web Browser Using Local Storage" | Hashnode

Discussion

Apoorv Tyagi

Senior Software Engineer | Tech Blogger | !(Chess GM)

Oct 20, 2021

Is it possible if I get someone's auth token from their local storage and add it to my browser's local storage? Will that token work for me? For example, If I store the login token for each user in the local storage but let's say someone got access to that token, can they then login using that token from their own browser?

Basically, how does the browser ensures the security of data?

Yuvraj Singh Jadon

Computer Science Student

Oct 20, 2021

Yes, once a token is stolen the account would be compromised. That's why sensitive information must never be stored in local storage as browser doesn't ensure any security. Any third party js code used on the website can access local storage thus increasing the chances of token theft.

Will also update the article to include this point. Thanks for pointing it out. 🙌🙌

Also developer.okta.com/blog/2018/06/20/what-happens-i… this is a brilliant article about the same. Worth a read.

Yuvraj Singh Jadon Thanks for the answer.

Apoorv Tyagi

Senior Software Engineer | Tech Blogger | !(Chess GM)

Oct 24, 2021