Well the answer is, it depends. localStorage
and cookies are not equivalent. Although they both can be used to store information on the client, they serve very specific goals. localStorage
is meant to store application's data locally. It cannot be set directly from the server and is not sent to the server through HTTP headers either.
You may also have a look at sessionStorage.
However, cookies are typically created from the server (even if there's a JS API) through HTTP headers and they contain expiry information. Once set, they will be part of every client request's HTTP headers, allowing the server to access the information.
Both ways are probably equally secure since they both cannot be accessed from another domain. However if you are transmitting secure information you should probably do it through HTTPS as well.