Understanding the Three Storage Options
JavaScript provides three main ways to store data in the browser:
| Feature | Cookies | localStorage | sessionStorage |
|---|---|---|---|
| Capacity | ~4KB | ~5MB | ~5MB |
| Expires | Manually set | Never | On tab close |
| Sent with requests | Yes (every request) | No | No |
| Accessible from | Server & Client | Client only | Client only |
Cookies: The Classic Choice
Cookies have been around since the early days of the web. They are primarily used for:
- Session management (login states)
- Tracking
- Server-side data storage
// Set a cookie
document.cookie = "username=John; expires=Fri, 31 Dec 2025 23:59:59 GMT; path=/";
// Read cookies
console.log(document.cookie); // "username=John; theme=dark"
// Delete a cookie (set expires to past)
document.cookie = "username=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/";Key limitation: Every cookie is sent with every HTTP request to the server, which can impact performance.
localStorage: The Persistent Storage
localStorage is perfect for data that needs to persist across browser sessions:
// Store data
localStorage.setItem(user, JSON.stringify({name: John, id: 123}));
// Retrieve data
const user = JSON.parse(localStorage.getItem(user));
// Remove data
localStorage.removeItem(user);
// Clear all
localStorage.clear();Best for: User preferences, cached data, auth tokens (when not sensitive).
sessionStorage: The Session-Only Storage
sessionStorage works like localStorage but clears when the tab closes:
// Store temporary data
sessionStorage.setItem(currentPage, 3);
// Retrieve
console.log(sessionStorage.getItem(currentPage));Best for: Temporary form data, wizard steps, sensitive session data.
When to Use Each
Use Cookies When:
- Data must be sent to the server with every request
- You need server-side access to the data
- Working with authentication tokens that the server needs to validate
Use localStorage When:
- Storing large amounts of client-side data
- Data should persist across browser sessions
- Server does not need to read the data
Use sessionStorage When:
- Data should only persist for the current session
- Working with sensitive temporary data
- You want automatic cleanup when the tab closes
Security Considerations
Important: Never store sensitive data in localStorage. localStorage is vulnerable to XSS attacks. Better approach: Use httpOnly cookies for sensitive data.
Modern Alternatives
For complex state management, consider:
- IndexedDB: Database in the browser for large structured data
- Cache API: For caching network requests
- State management libraries: Redux, Zustand, etc.
Quick Reference
// Check if storage is available
function isStorageAvailable(type) {
try {
const storage = window[type];
const x = __storage_test__;
storage.setItem(x, x);
storage.removeItem(x);
return true;
} catch (e) {
return false;
}
}
console.log(isStorageAvailable(localStorage)); // true/falseChoose the right tool for the job - your users data and your application performance will thank you.