Is there a security issue for a web system that uses sessionStorage to store temporary data for a user? In practice, is using sessionStorage good practice?
In my application, instead of always performing a request to the database to acquire information, I load several pertinent data once and save them in sessionStorage to be able to manipulate in several areas of the application. Does this practice imply possible application security issues in general?
My answer is yes and no. It depends on the type of data you are saving in the session.
Just keep in mind that these are data that the user can see if they open the browser console. We must always assume that someone is going to do this.
Yes .
If you are saving keys as the name and password of your site's users. Or other sensitive information. If you're depending on a particular value, keep in mind that you can change this value and cause site crashes.
No .
If you are using the session for simple things that do not compromise your site's operation if its value changes.
