Question

Is it more secure to hold the sessionId at client side (to avoid logging in each time) using local storage or session storage rather than using cookies?


Solution

No! Keeping the sessionid at client-side is a bad idea, because it can be easily captured by an attacker (by XSS, for example). Any information held in web storage is unprotected.

Hold your sessionid in a cookie and don't forget to set the HttpOnly and Secure flags.
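The two flags named in the answer above, shown as an added example that is not part of the original answer: a server-side helper that emits the session cookie with `HttpOnly` and `Secure`, and a check that reports session cookies in a response that lack either flag. The cookie name `sessionid`, the function names and the sample headers are assumptions made for illustration.

```javascript
// Added example; SESSION_COOKIE and all function names are hypothetical.
const SESSION_COOKIE = "sessionid"; // assumed cookie name

// Build the Set-Cookie value for a session id the server generated with a
// CSPRNG. HttpOnly keeps the cookie out of document.cookie, so script
// injected through XSS cannot read it; Secure keeps it off plain HTTP.
function buildSessionCookie(sessionId) {
  if (!/^[A-Za-z0-9_-]{16,}$/.test(sessionId)) {
    throw new Error("session id must be an opaque URL-safe token");
  }
  return `${SESSION_COOKIE}=${sessionId}; Path=/; HttpOnly; Secure`;
}

// Parse one Set-Cookie header value into its name, value and the set of
// attribute names, lower-cased because attribute names are case-insensitive.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((p) => p.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? "" : pair.slice(0, eq);
  const value = eq === -1 ? pair : pair.slice(eq + 1);
  const flags = new Set(
    attrs.filter(Boolean).map((a) => a.split("=")[0].trim().toLowerCase())
  );
  return { name, value, flags };
}

// Report every session cookie in a response that lacks HttpOnly or Secure.
function auditSetCookie(headers) {
  const findings = [];
  for (const header of headers) {
    const cookie = parseSetCookie(header);
    if (cookie.name !== SESSION_COOKIE) continue; // only the session cookie
    const missing = ["httponly", "secure"].filter((f) => !cookie.flags.has(f));
    if (missing.length > 0) findings.push({ header, missing });
  }
  return findings;
}

// Constructed sample Set-Cookie values (not taken from any real site).
const SAMPLE_HEADERS = [
  "sessionid=Zm9vYmFyYmF6cXV4MTIzNDU2; Path=/",
  "sessionid=Zm9vYmFyYmF6cXV4MTIzNDU2; Path=/; httponly",
  "theme=dark; Path=/",
  buildSessionCookie("Zm9vYmFyYmF6cXV4MTIzNDU2"),
];

for (const f of auditSetCookie(SAMPLE_HEADERS)) {
  console.log(`missing ${f.missing.join(", ")}: ${f.header}`);
}
```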

License: CC-BY-SA with attribution
Not affiliated with StackOverflow