189
Top Answer
| Feature | Cookies | localStorage | sessionStorage |
|---|---|---|---|
| Size | ~4KB | ~5MB | ~5MB |
| Expiry | Set manually | Never | Tab close |
| Sent to server | Yes, every request | No | No |
| Scope | Domain + path | Domain | Tab only |

When to Use:

Cookies:
- Authentication tokens (HttpOnly, Secure flags)
- Data needed by server
- Cross-subdomain sharing

localStorage:
- User preferences
- Cached data
- Shopping cart (non-sensitive)

sessionStorage:
- Form data for multi-step forms
- Temporary state within a tab
- Data that shouldn't persist

Security Tips:
- Never store sensitive data in localStorage (XSS vulnerable)
- Use HttpOnly cookies for auth tokens
- Set Secure flag for HTTPS-only cookies
- Set SameSite attribute to prevent CSRF

StorageExpert