Are there security issues when using sessionStorage for data storage?

Viewed 370 times

1

Is there a security problem in a web system that uses sessionStorage for temporary storage of a user’s data? In practice, is the use of sessionStorage a good practice?

In my application, instead of always making a request to the database to acquire information, I upload several pieces of pertinent data once and save them in sessionStorage so that I can manipulate them in several areas of the application. Does this practice imply possible security problems for the application in general?

  • 2

    Check this post: http://security.stackexchange.com/questions/36958/is-it-safe-to-store-password-in-html5-sessionstorage

  • 2

    Duds, instead of clarifying in the comments, please edit the question to add this information, then just let whoever asked you know "@Renan, edited question"

  • 1

    Everything on the client side is editable beyond the original intent of the application. Security is very relative; it depends on where you use the data and how important it is. It would be good to [edit] the question and put it in a more practical context; the question seems very broad to me in the form it is in.

  • It’s not an answer to your question, but it’s a touch for something you might not have thought of: you’re using sessionStorage as a cache layer to store data you’ll use later, thus avoiding making extra requests on the server to fetch it, which is interesting since it increases the speed of the app and decreases the load on the server, however you may fall into cache invalidation problems. Think about it: you saved something like the user’s address in the sessionStorage, since the user updated it on the server, and now your sessionStorage has outdated/invalid data.

  • @Gabrielrodrigues since it is sameOrigin, do you know whether it is possible to take the data from sessionStorage by using some JS in the browser console?

  • 1

    @Duds, always try to encrypt important data such as session tokens and others, so that only you have the key. Another issue I saw is that you say you can handle this data more easily; note that if two users have the same data and one updates it, the other may not receive the update, and the one who did not receive the update may want to update again content that was already updated. That is, if so, you should create a verification routine; if it is shared data, it is not good to make use of sessionStorage.

1 answer

0

My answer is yes and no. It depends on the type of data you are storing in the session.

Just keep in mind that this is data that you can see if you open the browser console. We should always assume that someone will do this.

Yes.

If you are storing keys such as your site’s name and password, or other sensitive information. If you are depending on a certain value, take into account that the user can change this value and cause failures on your site.

No.

If you are using the session for simple things that do not compromise the functioning of your site if its value is changed.
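An added example, not part of the original answer: a small cache wrapper that treats whatever comes back from sessionStorage as untrusted input, since the user can edit it from the console, and that expires entries to limit the stale-data problem raised in the comments. The helper names, the field deny-list, the address shape and the in-memory storage stand-in (used so the code runs outside a browser) are all assumptions.

```javascript
// Constructed stand-in for window.sessionStorage (same getItem/setItem/removeItem calls).
function makeMemoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

// Hypothetical deny-list: field names that should never be cached client-side.
const SENSITIVE = /pass(word)?|token|secret/i;

// Store display-only data together with the time it was saved.
function cachePut(storage, key, value, now = Date.now()) {
  for (const field of Object.keys(value)) {
    if (SENSITIVE.test(field)) {
      throw new Error(`refusing to cache sensitive field: ${field}`);
    }
  }
  storage.setItem(key, JSON.stringify({ savedAt: now, value }));
}

// Read an entry back. Corrupt JSON, a wrong shape, or an expired entry all
// yield null (and the entry is dropped), so the caller refetches from the server.
function cacheGet(storage, key, validate, maxAgeMs, now = Date.now()) {
  const raw = storage.getItem(key);
  if (raw === null) return null;
  try {
    const entry = JSON.parse(raw);
    const age = now - entry.savedAt;
    const fresh = typeof entry.savedAt === 'number' && age >= 0 && age <= maxAgeMs;
    if (fresh && validate(entry.value)) return entry.value;
  } catch (_) {
    // Edited or corrupted content: fall through and discard it.
  }
  storage.removeItem(key);
  return null;
}

// Hypothetical validator for a cached address record.
function isAddress(v) {
  return v !== null && typeof v === 'object' &&
    typeof v.street === 'string' && v.street.length <= 200 &&
    typeof v.city === 'string' && v.city.length <= 100;
}
```

In a browser, pass `window.sessionStorage` as `storage`. The expiry only limits staleness; a user can edit `savedAt` as easily as the value, so the server must still validate anything derived from cached data.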
