Html5 sessionStorage over server-session?

Question

I don't understand which is the best option for session control.

I know user/password/login must be stored at server session by security reasons, but and the other things I want to storage?

If I have data at server storage when html is assembled at the server-side php/python/c#/java will fill the session data, and when I'm using html5 sessionStorage, it will be javascript that will fill the stored data. I want to understand why and when I should use sessionStorage over server session. Can someone help me with that?

Answer 1

First off, use server storage for everything vital. Session storage is not yet widely supported enough to be able to use it for key features.

Secondly, you'll want to store any information you don't want the user to know about or be able to change on the server side. Any information on the user side is subject to spoofing and changing, so keep that in mind. All important values would need to be validated.

Finally, sessionStorage will be great for a lot of things, but I think they main big feature is it will be able to be used with AJAX web-apps to allow for client side processing of information. Instead of sending back and forth a lot of data, you can send it once and keep it there. Reduces a users footprint on your server, especially for complicated programs.

That said, I'll reiterate that, for now, only use it for additive features that are non-vital to the running of your site/app.