[AngularJS] Re: Set-Cookie header is ignored ?

2019-05-20 Thread Sander Elias
Hi Alisson, Can you provide some sources for this? As far as I know, local-storage can only be read by the same origins as cookies can. So it's about the same protection level as secure cookies. But unlike cookies, local storage is not vulnerable to HTTP-trace. Especially for an XSS attack,

[AngularJS] Re: Set-Cookie header is ignored ?

2019-05-19 Thread Alisson Reinaldo Silva
I know this is really old. Just wanted to point out that the problem is: where do you store the token? LocalStorage is not safe against XSS attacks, ideally you'd want to store your token in a Secure HttpOnly Cookie. On Friday, May 3, 2013 04:41:03 UTC-3, Antonello Pasella wrote: