Clayton

Data placed in the localStorage persists after a session is closed, and thus, any actor with access to the browser will be able to obtain it. Furthermore, data in the localStorage or in the sessionStorage is visible to scripts that are running on the browser, and these scripts could belong to malicious third parties. Therefore, no sensitive or session information should be stored in the client-side storage.

<a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/" rel="nofollow noopener noreferrer" target="_blank">Cryptographic Failures</a>

CWE-922: <a href="https://cwe.mitre.org/data/definitions/922.html" rel="nofollow noopener noreferrer" target="_blank">Insecure Storage of Sensitive Information</a>

- <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/" rel="nofollow noopener noreferrer" target="_blank">Cryptographic Failures</a>
- CWE-922: <a href="https://cwe.mitre.org/data/definitions/922.html" rel="nofollow noopener noreferrer" target="_blank">Insecure Storage of Sensitive Information</a>

Keep client-side storage without sensitive data.

Use of Session storage and Local storage

Home

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Rationale

Scope

Related resources