Hi Alisson, Can you provide some sources for this? As far as I know, local-storage can only be read by the same origins as cookies can. So it's about the same protection level as secure cookies. But unlike cookies, local storage is not vulnerable to HTTP-trace.
Especially for an XSS attack, the browser will attach the cookie to an attackers request, while a token stored in local-storage is not. Please let me know, because I take security very seriously, and I want to be ahead of possible attacks! Regards Sander -- You received this message because you are subscribed to the Google Groups "Angular and AngularJS discussion" group. To unsubscribe from this group and stop receiving emails from it, send an email to angular+unsubscr...@googlegroups.com. To post to this group, send email to angular@googlegroups.com. Visit this group at https://groups.google.com/group/angular. To view this discussion on the web visit https://groups.google.com/d/msgid/angular/bb51361b-a7ff-477b-8830-dadee465bcc3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
