Web storage, sometimes known as DOM storage (Document Object Model storage), is a standard JavaScript API provided by web browsers. It enables websites to store persistent data on users' devices similar to cookies, but with much larger capacity and no information sent in HTTP headers.[1] There are two main web storage types: local storage and session storage, behaving similarly to persistent cookies and session cookies respectively. Web Storage is standardized by the World Wide Web Consortium (W3C)[2] and WHATWG,[3] and is supported by all major browsers.
Web storage differs from cookies in some key ways.
Cookies are intended for communication with servers; they are automatically added to all requests and can be accessed by both the server and client-side. Web storage falls exclusively under the purview of client-side scripting. Web storage data is not automatically transmitted to the server in every HTTP request, and a web server can't directly write to Web storage. However, either of these effects can be achieved with explicit client-side scripts, allowing for fine-tuning the server's desired interaction.
Cookies are restricted to 4 kilobytes. Web storage provides far greater storage capacity:
Web storage offers two different storage areas—local storage and session storage—which differ in scope and lifetime. Data placed in local storage is per origin—the combination of protocol, host name, and port number as defined in the same-origin policy. The data is available to all scripts loaded from pages from the same origin that previously stored the data and persists after the browser is closed. As such, Web storage does not suffer from cookie Weak Integrity and Weak Confidentiality issues, described in sections 8.5 and 8.6. Session storage is both per-origin and per-instance (per-window or per-tab) and is limited to the lifetime of the instance. Session storage is intended to allow separate instances of the same web app to run in different windows without interfering with each other, a use case that's not well supported by cookies.[9]
Web storage provides a better programmatic interface than cookies because it exposes an associative array data model where the keys and values are both strings.
Browsers that support web storage have the global objects sessionStorage
and localStorage
declared at the window level. The following JavaScript code can be used on these browsers to trigger web storage behavior:
// Retrieve value (gets deleted when browser is closed and re-opened) ...alert(sessionStorage.getItem('key'));
// Store value on the browser beyond the duration of the sessionlocalStorage.setItem('key', 'value');
// Retrieve value (persists even after closing and re-opening the browser)alert(localStorage.getItem('key'));Only strings can be stored via the Storage API.[10] Attempting to store a different data type will result in an automatic conversion into a string in most browsers. Conversion into JSON, however, allows for effective storage of JavaScript objects.
// Store an integer instead of a stringlocalStorage.setItem('key', 1);alert(typeof localStorage.getItem('key')); // string
// Store an object using JSONlocalStorage.setItem('key', JSON.stringify);alert(JSON.parse(localStorage.getItem('key')).name); // value
The W3C draft is titled "Web Storage". "DOM storage" has also been a commonly used name, though it is becoming less so; for example the "DOM Storage" web articles of the Mozilla and Microsoft developer sites have been replaced with "Web Storage" articles.[11] [12] [13] [14]
The "DOM" in DOM storage does not literally refer to the Document Object Model. According to the W3C, "The term DOM is used to refer to the API set made available to scripts in Web applications, and does not necessarily imply the existence of an actual Document object..."[15]
Storage of web storage objects is enabled by default in current versions of all supporting web browsers, with browser vendors providing ways for users natively to enable or disable web storage, or clear the web storage "cache".[16] Similar controls over web storage are also available through 3rd party browser extensions. Each browser stores Web storage objects differently:
webappsstore.sqlite
in the user's profile folder. [17]\AppData\Local\Google\Chrome\User Data\Default\Local Storage
" on Windows, and "~/Library/Application Support/Google/Chrome/Default/Local Storage
" on macOS.\AppData\Roaming\Opera\Opera\sessions\autosave.win
" or "\AppData\Local\Opera\Opera\pstorage\
" depending upon Opera's version.\AppData\LocalLow\Microsoft\Internet Explorer\DOMStorage
".LocalStorage
" within a hidden "safari
" folder. [18]While localStorage is often used for storing persistent key-value pairs, other APIs have emerged to enable various use cases like iteratable indexing[19] and with different performance patterns: