LocalStorage

• Client-side key–value storage
• Data persists even after browser is closed
• ~5–10MB per domain

Lifetime

• Permanent until:
  • Manually cleared
  • Programmatically removed
  • User clears browser data

Access

JavaScript only:

localStorage.setItem("token", "abc123");
localStorage.getItem("token");
localStorage.removeItem("token");

Cons

❌ NOT secure

❌ No auto expired

❌ Vulnerable to XSS (If JS can read it → attacker JS can read it

❌ Cannot be HttpOnly

❌ Not encrypted