Storing Credentials in Local Storage


The Local Storage is designed for storage that spans multiple windows and lasts beyond the current session. In particular, Web applications may wish to store megabytes of user data, such as entire user-authored documents or a user's mailbox, on the client side for performance reasons.

To store credentials in local storage, generate, on successful login, a completely random string unrelated to the user's credentials. Store this string in the database together with an expiry date, then pass it to the client-side JavaScript to be stored in local storage.

As long as the credential in local storage matches the one in the database and the timeout has not expired, consider the user logged in.

Therefore, there is no risk of the user's credentials being exposed from local storage.
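The scheme described above, as an added example that is not code from the original article: the server side issues and checks the random string, and the client side keeps it in local storage. The in-memory Map standing in for the database, the 30-minute lifetime, the sessionToken key and all function names are assumptions.

```javascript
// Web Crypto CSPRNG: global in browsers and Node 19+, with a fallback for older Node.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const SESSION_TTL_MS = 30 * 60 * 1000; // assumed lifetime: 30 minutes
const sessions = new Map(); // stand-in for the database: token -> { userId, expiresAt }

// Server, on successful login: a random string unrelated to the credentials.
function issueToken(userId, now = Date.now()) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32)); // 256 random bits
  const token = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  sessions.set(token, { userId, expiresAt: now + SESSION_TTL_MS });
  return token; // handed to the page's JavaScript
}

// Server, on each request: the token must match a stored row that has not expired.
function validateToken(token, now = Date.now()) {
  const row = typeof token === "string" ? sessions.get(token) : undefined;
  if (!row) return null; // unknown token
  if (now >= row.expiresAt) {
    sessions.delete(token); // expired rows are removed, not reused
    return null;
  }
  return row.userId;
}

// Server, on logout: deleting the row invalidates the copy held by the browser.
function revokeToken(token) {
  return sessions.delete(token);
}

// Client: only the random token is written to storage, never the password.
function saveToken(storage, token) { storage.setItem("sessionToken", token); }
function loadToken(storage) { return storage.getItem("sessionToken"); }

// Map-backed stand-in for window.localStorage so the example runs outside a browser.
function memoryStorage() {
  const items = new Map();
  return {
    setItem: (key, value) => void items.set(key, String(value)),
    getItem: (key) => (items.has(key) ? items.get(key) : null),
  };
}

// Constructed round trip: log in, store the token, present it again.
const demoStorage = memoryStorage();
saveToken(demoStorage, issueToken("alice"));
console.log("logged in as:", validateToken(loadToken(demoStorage)));
```

In a browser, pass window.localStorage as the storage argument. Any script running on the page's origin can read local storage, so the expiry date and server-side revocation are what limit how long a copied token remains usable.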

Published on 06-Apr-2018 07:08:52