Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Mobile App Development - HTML5 LocalStorage versus SessionStorage versus Cookies

Tags:

security

web-applications

mobile

jquery-mobile

We are developing a mobile web application on the jQuery Mobile platform that requires a user to provide their username and password.

Rather than asking the user to re-enter their details each time we want to only ask them once for their username and password and then prompt them to enter a pin.

We will encrypt this pin and encrypt a user identifier string and save both either in LocalStorage or Cookie.

When the user visits the application for a second time we will test if a user identifier can be found and if so prompt them to enter a pin.

Once the pin is entered we will securely (SSL) pass the pin and the user identifier to be decrytped and validated on the server.

I've read in a few places that we should use Cookies instead of LocalStorage (from a security point of view). Would you concur with this and can cookies be used across most smart-phones?

We also need to ensure that the user is required to re-enter their pin each time they close the browser or browse to another page or exceed 30 minutes of inactivity.

To manage this I was thinking of storing a value in SessionStorage as I have read that this is more secure than LocalStorage and expires when the browser is closed. Alternatively we could use Cookies again.

Security is a key concern so I'd be intersted to hear any tips and/or alternative approaches you may have.

Many thanks in advance...

like image 692
user445069 Avatar asked May 02 '11 21:05

user445069

1 Answers

If security is your chief concern, I would not recommend using cookies since they are sent with every request to the server, which could potentially be intercepted by anyone sniffing that traffic over the network. Performance-wise, using cookies also increases the amount of data going back and forth between server and client.

For your purposes I would choose sessionStorage if you want your data to be persistent only for the life of the browser session, including as well a timestamp that you can test for session expiration. Data in sessionStorage and localStorage stays only on the client and is never sent to the server.

like image 86
Ryan Avatar answered Sep 28 '22 02:09

Ryan
Sign in to Comment

Related questions

Detecting shaking in html5 mobile
Digitally Signing Data in a web app
SMS + Web app: Providers of SMS "Long codes" for use by U.S. carrier subscribers within U.S.?
With sqlalchemy how to dynamically bind to database engine on a per-request basis
Maven WAR - sources are not getting compiled
Images blurry in iphone 4 mobile safari
Azure webapp Tomcat 8 configuration
How do you architect an application like Firebase?
Best practices for a WiFi-connected device WITHOUT Internet connectivity
How do I generate a connection reset programatically?
window.open() doesn't work in mobile Safari web-app added to home screen
Web application on an iPhone - styling it to look like native iPhone app [closed]
How to create a public API using the Zend Framework?
Static html Files in Cherrypy
Offline Web Application HTML5 on Android
Match jetty url-pattern to only root directory
How to fix "Error while parsing the 'sandbox' attribute" flags error with HtmlService?
Do I have to build maven webapp project everytime i make changes into static files?
ElasticSearch.Net dll quarantine from Antivirus - WS.Reputation.1
Develop desktop applications view with HTML, as a web application

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!