Web Storage API: More Security, Efficiency and Capacity than Cookies | WebReference

Web Storage API: More Security, Efficiency and Capacity than Cookies

By Sachin Khosla


Web storage is a method by which a website can store data in a Web browser. Currently, cookies are what all websites use to store client-related data. While cookies are definitely a good method for storing client-related information, they are not always efficient. In fact, using a cookie to store data often becomes a challenge to avoid race conditions (more on that shortly). Also, the cookie data available for each website is a lot smaller than Web storage's 5MB or 10MB, depending upon the browser.

Web storage also offers a more secure method for storing client-related information. Unlike a cookie, Web storage data is not carried over to the server via HTTP. So Web storage data can be accessed only via client-side scripts. This means the server cannot read or write directly to Web storage.

First introduced as a part of HTML5, the Web Storage API is now developed as a separate standard by the W3C (World Wide Web Consortium). It is supported by different browsers, but browsers built on WebKit, such as Mozilla Firefox, are developing a similar, separate specification called DOM storage.

This article introduces the Web Storage API and explains how it enables storing data in a more secure and efficient way than cookies.

Cookies and Race Conditions

For an example of a race condition while using cookies, suppose you want to book roundtrip tickets to New York. You go to the airline's website and try to book both-way tickets in two different tabs of the same browser. During the ticket-booking process, the website may store some temporary information that it will access from time to time on your computer in the form of a cookie. However, if the website does not handle cookies properly, you may end up booking the same ticket twice because you have two different tabs opened.

The Web Storage API provides two types of storage methodologies: local and session storage, which differ in their scopes. In local storage the stored data persists even when the browser is closed. However, the data stored in the session storage exists as long as the browser window is kept open. This allows multiple instances of the same Web application to run in different windows. Session storage is intended to solve the race condition dilemma.