Namespace HTML 5 local storage keys
https://stackoverflow.com/questions/4101028
-
29-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm using the HTML 5 local storage API to store a user's access token. The requests then appends this token to access my server side API. I'm wondering if I need to namespace the keys I use. Does the browser take care of this or do I need to call the key something like 'my-awesome-app-token'? I noticed Twitter does this for some search params.
BTW, I know it's not secure to store the token there but security is not important here, the question is about namespacing keys.
Thanks!
Solution
The browser takes care of it:
http://dev.w3.org/html5/webstorage/#dom-localstorage:
User agents must have a set of local storage areas, one for each origin.
OTHER TIPS
No you don't need to do it, one localStorage for each subdomain.
I see that every answer on this question so far tells you that you don't need to "namespace" your localstorage keys. I'm not so sure that this is correct.
Let's say that you develop an application, and you need to run several instances of that application. This could be a test and production system, or several test systems. Anyway, if these apps run on the same protocol/server/port, but with a different url, they will have access to the same localstorage.
if your keys are using names that any other developer might use like "user", "data", "cache", you might end up reading localstorage from another application altogether. If that app is running on the same server.
To be sure, you might wan't to use an app-prefix to your keys and maybe also an app-id if you want to run several instances on the same server.
If I have misunderstood how localstorage works, please correct me.
The other answers address cross-application namespaces, but namespaces are also important in the case of different libraries used by the same application. If you are developing such a library, it would probably be respectful to other library developers (or even your future self) to namespace your library's storage usage.
An example I came across tonight uses the storage key nonce. If multiple libraries each tried to use nonce within the same app, that would be problematic. If you are developing a library for use by other developers, it would be nice to provide a prefixing option: myapilib_ + nonce.
