Can local storage be maliciously edited client-side?
https://stackoverflow.com/questions/3078368
-
28-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Is a user able to edit localstorage (and sessionstorage) items? Specifically, would a malicious user be able to edit it like cookies can be edited?
I am researching session info for a web application I am writing, and I had the idea of using localstorage for some items. Yes, I have looked into session variables, and I am probably going to use them, but I was just wondering this and could not find it anywhere. My project is built with jQuery and PHP. The interface is completely driven by jQuery, and I am using localstorage for some other info--that is why I thought of it.
Thanks!
Solution
Yes he can, actually you should always assume that anything that is done on client side can be altered, of course JavaScript as well.
If you want to make sure that something is not altered you can use some kind of cryptographic signature on data and validate it on server side.
