Web Storage API
The Web Storage API is a feature provided by modern web browsers that allows websites to store data in the form of key-value pairs within the user's browser. It's part of a suite of features for client-side storage and is more secure and efficient than older methods like [[cookies]]. The Web Storage API provides two mechanisms for storing data: [[LocalStorage]] and [[sessionStorage]].
There are two storage types:
localStorage
: Stores data with no expiration date. The data persists even after the browser window is closed and reopened. It's used for long-term storage of data on the client side.sessionStorage
: Stores data for one session and is cleared when the browser tab is closed. It's useful for data that should be persisted only while the page session exists, like the state of the current application.
Both localStorage
and sessionStorage
usually offer more storage capacity compared to cookies (often around 5-10 MB per origin). The stored data is accessible only by web pages from the same origin (same protocol, domain, and port), providing security against cross-origin access. Data is stored in key-value pairs, making it straightforward to store and retrieve data.
An example may be using localStorage
in JavaScript to store and retrieve data:
// Store data
localStorage.setItem("key", "value");
// Retrieve data
let data = localStorage.getItem("key");
// Remove data
localStorage.removeItem("key");
And using sessionStorage:
// Store data for the session
sessionStorage.setItem("sessionKey", "sessionValue");
// Retrieve session data
let sessionData = sessionStorage.getItem("sessionKey");
The Web Storage API provides more space to store data compared to cookies. Unlike cookies, the data in localStorage
and sessionStorage
is not sent to the server with every [[HTTP Protocol]] request, reducing traffic and improving performance. The API is simpler and more intuitive for storing and retrieving data than cookies.
Web storage can be susceptible to [[Cross-Site Scripting|XSS]] attacks. If an attacker can inject malicious scripts into a web page, they may access and manipulate web storage data. Sensitive data should not be stored in web storage due to the potential for client-side script access.