
How to deal with localStorage for multiple users?

In the event that you want to store user-dependent data in localStorage (e.g. because multiple users can use the same browser for your site), how do you typically deal with this scenario?

Let's imagine that I am able to identify the user with something like a unique userId on the front-end side. I would probably do something like the following:

// retrieve the data (falls back to an empty object when nothing is stored yet)
let data = JSON.parse( window.localStorage.getItem( userId ) ) || {};

// persist the data
window.localStorage.setItem( userId, JSON.stringify( data ) );

Is this a naive way of doing things?

EDIT: After giving it a little bit more thought as per @MДΓΓ БДL and other comments, let's assume the data is sensitive. In that case the above example indeed is naive. Any ideas on how to deal with sensitive data in this case? Or is the answer perhaps: don't do it, save it on the back-end?

Decent Dabbler asked Apr 25 '12 19:04


1 Answer

Sensitive data should pretty much never be stored on the client. Unless you can guarantee the physical security of the computer and/or guarantee that the logged-in user on that computer will only ever be the one using the computer (both of which are usually NOT true), then don't store sensitive information on the client if you can avoid it.

It is much, much, much safer to store sensitive information on the server and require appropriate login credentials before providing that information to a browser. You can then control the physical security of the data on your server and prevent any users from accessing data that isn't theirs. Further, you can protect it in-flight with SSL.

If you really want to store something locally that is only available to one user and one computer and one browser on that computer, you could prompt for a password and use that password to encrypt/decrypt data that was stored in local storage. Except for a temporary off-line activity, I'm currently unsure why that would be a better user experience than storing it on a server where it can be available to that user no matter how they access the internet. In these days of mobile access, tablet access, laptop access, etc... it seems that the trend is more to store stuff in the cloud so a given user can get access to their data via any internet access means they might use rather than requiring them to use the exact same computer.

jfriend00 answered Oct 05 '22 01:10
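The password-based approach mentioned in the answer's last paragraph, sketched as an added example (not code from the question or the answer). It uses the Web Crypto API with PBKDF2 and AES-GCM; the function names, the `userdata:` key prefix, the iteration count and the injectable `storage` argument are assumptions made for illustration.

```javascript
// Added example: per-user, password-encrypted records in localStorage.
// Browsers and Node 19+ expose globalThis.crypto; the fallback covers older Node.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();
const toB64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Derive an AES-GCM key from the password; the salt is random per record.
async function deriveKey(password, salt) {
  const material = await webCrypto.subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return webCrypto.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: 600000, hash: 'SHA-256' }, // assumed work factor
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt `data` and store it under a key namespaced by userId (hypothetical prefix).
async function saveUserData(storage, userId, password, data) {
  const salt = webCrypto.getRandomValues(new Uint8Array(16));
  const iv = webCrypto.getRandomValues(new Uint8Array(12)); // fresh IV on every write
  const key = await deriveKey(password, salt);
  const ct = await webCrypto.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: enc.encode(userId) }, // bind record to its user
    key, enc.encode(JSON.stringify(data)));
  storage.setItem(`userdata:${userId}`,
    JSON.stringify({ salt: toB64(salt), iv: toB64(iv), ct: toB64(ct) }));
}

// Returns {} when nothing is stored, null when the password or the record is wrong.
async function loadUserData(storage, userId, password) {
  const raw = storage.getItem(`userdata:${userId}`);
  if (raw === null) return {};
  try {
    const { salt, iv, ct } = JSON.parse(raw);
    const key = await deriveKey(password, fromB64(salt));
    const pt = await webCrypto.subtle.decrypt(
      { name: 'AES-GCM', iv: fromB64(iv), additionalData: enc.encode(userId) },
      key, fromB64(ct));
    return JSON.parse(dec.decode(pt));
  } catch {
    return null; // GCM tag check failed or the record is malformed
  }
}

// Map-backed stand-in for window.localStorage so the example also runs in Node.
function memoryStorage() {
  const m = new Map();
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), setItem: (k, v) => m.set(k, String(v)) };
}
```

In a browser, pass `window.localStorage` as `storage`. This keeps one user's record unreadable to another user of the same browser profile, but it does not protect the data from script running in the page while the record is decrypted.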