Hack Frontend Community

Browser Storage: Cookie, LocalStorage, SessionStorage and IndexedDB

In browser there are several types of built-in data storage that can be used to save user state, cache, settings, etc.

Main Storage Types

StorageVolumeAvailabilityLifetimeSent to ServerSupport
Cookie~4 KBServer and clientDepends on ExpiresYesAll browsers
LocalStorage~5–10 MBClient onlyUntil deletionNoAll browsers
SessionStorage~5–10 MBClient onlyWhile tab is openNoAll browsers
IndexedDB100+ MBClient onlyUntil deletionNoAll browsers
  • Allow transferring data between client and server
  • Used for authorization, sessions, personalization
  • Sent in every HTTP request, so should be compact
  • Configured via Set-Cookie header or document.cookie
document.cookie = "theme=dark; path=/; max-age=3600";

LocalStorage

  • Suitable for long-term data storage (theme, tokens, settings)
  • Available only on client
  • Survives browser restart
localStorage.setItem("theme", "dark");
const theme = localStorage.getItem("theme");
localStorage.removeItem("theme");

SessionStorage

  • Similar to localStorage, but lives only within one tab
  • After closing tab — data is deleted
sessionStorage.setItem("step", "2");
sessionStorage.getItem("step");

IndexedDB

  • Asynchronous database in browser (key-value + indexes)
  • Allows storing structured objects, even files
  • Suitable for offline-first applications, PWA, large data
const db = indexedDB.open("MyDB", 1);

Easier to use via wrappers:

When to Use What?

ScenarioRecommended Storage
Authorization, tokenscookie (with Secure + HttpOnly flags)
User settingslocalStorage
Temporary datasessionStorage
Offline data cache, PWAindexedDB

Security:

Never store access tokens in LocalStorage or SessionStorage if they can be stolen via XSS. Use HttpOnly cookie.

Conclusion

  • Use cookie for transferring between client and server
  • Use localStorage for permanent client data
  • Use sessionStorage for temporary, one-time data
  • Use IndexedDB for complex and large storage