Session and local storage are browser storage methods that let you store data alongside stateless HTTP requests. They are an alternative to cookie-based storage and have many uses in web development.

While they operate in a very similar way, there are significant differences you should be aware of.​​​​​

Local Storage and Session Storage: What Are Their Uses?

Local and session storage are JavaScript APIs that you can use to store data on the client-side. They allow a website to store data on the browser and instruct the browser to access it later on.

Depending on your needs, you can use local or session storage to store data. Both storage methods are similar to cookies but without the same privacy concerns surrounding cookies. Therefore, most modern websites prefer to use web storage methods only or combine them with cookies as a fallback.

Unlike cookies, local storage and session storage do not send data to the server via HTTP headers. You should use them for client-side functionality only.

Additionally, local and session storage each have a storage limit of around 5 MB per domain. They provide more storage than cookies, which only have a capacity of 4 KiB per cookie.

What Is Session Storage?

A browsing session approximates your use of a website. If you visit a site, browse around for a bit, then turn off your computer, you can think of that time as a single session. Your browser configuration may change this in subtle ways, but a session aims to represent the chunk of time you interact with a site.

Session storage is unique to each browser tab. If you open a new tab and navigate to the same site, you'll start a new session with its own storage. However, if you use a "duplicate tab" feature in your browser, that may reuse the same session. You can't rely too much on the specific details of a "session". Instead, focus on the core concept: session storage is temporary.

Session storage has built-in API methods to work with key/value pair data. You can store data from JavaScript like so:

        sessionStorage.setItem("key", "value");

And to retrieve the stored value:

        sessionStorage.getItem("key");
    

Note that both key and value are string types only. If you want to store a different type, you'll need to convert it to a string, explicitly or implicitly.

What Is Local Storage?

Local storage maintains data across all instances of a site, whether they're in different tabs or windows. It is also permanent, so the data won't disappear when you close your browser.

When you open a website that previously used local storage, it will always have access to that stored data.

As a web developer, you can use this mechanism to retain data about a user. Some websites might use this to keep you logged in or provide a more personalized experience.

Like session storage, you can set a local storage object with one line of JavaScript code:

        localStorage.setItem("key", "value");

To access the value of the key:

        localStorage.getItem("key");

Note that these methods work in the same way as session storage, they just use a different type of data store.

While session storage clears data as soon as the session ends, the only way to clear local storage is to explicitly delete it. Both storage types offer two methods to clear data. The first removes a specific item of data based on its key:

        localStorage.removeItem("key");
    

You can also remove all data stored by your site, regardless of its key:

        localStorage.clear();
    

You can learn more about these web storage API methods on the javascript.info website.

When Do You Need Local Storage?

Since local storage is persistent, it's your best bet to retain data across user visits. If you want to store site preferences or cache long-term data, local storage is appropriate. You may not want to store more sensitive data using local storage, since it is permanent.

As local and session storage are front-end methods, you may want to avoid using them for server-based functions like user login. You could consider cookies as an alternative in these cases.

When Do You Need Session Storage?

If you wish to store data only while a user interacts with your site, then session storage is ideal. This could be for short-term caching or usage data about a specific visit to your site.

Session storage is better for storing more sensitive information since it expires.

Local Storage vs. Session Storage: Which Is More Secure?

Hand touching a smartphone with social logos

As you've seen, local and session storage methods are similar in many ways but still have tailored use-cases. You shouldn't consider either secure since they are front-end technologies that JavaScript has access to. However, session storage is very convenient, and its temporary nature is reassuring.

Local storage is permanent so it may pose additional security concerns. Anyone who opens a browser can, in theory, access local storage. You should be aware of how XSS attacks work and how to prevent them.

Local Storage or Session Storage: Which Should You Use?

Session storage is slightly more secure due to its temporary nature. However, your choice of web storage method depends on your requirements. JavaScript storage is most suitable for client-side use only. But it offers a convenient browser-based data store and is very easy to use.

Remember that while local storage stores data across several tabs, session storage is unique to each tab, for the most part. You should ensure that your app makes as few assumptions as possible and caters for edge cases.

Cookies are an older form of data persistence, but they're still very much in use. You might want to check them out for data that you need to transmit to the server.