HTML5 Local Storage - Replace Cookies?


Well-known member
With HTML5's localStorage API available to use, would it be considered good practice to use this as a method of authenticating logins for users who've saved their passwords? I don't think that localStorage is exploitable as cookies are. I'm just wondering if anyone is using them currently, or plans on using them to replace cookies.


XenForo developer
Staff member
Cookies work for authentication because they are sent to the server (and can be set by the server). Local storage is for access via JS. You could theoretically use it, but it'd really have to be for an app where every "page view" was done/built via JS, as you'd have to pass session/auth details along explicitly. Doesn't seem ideal to me.