Post
Ask Question

Web Storage In HTML5

Introduction

 
Web Storage is the process of storing structured data in the client's Web browser with the help of JavaScript. The storage mechanism is implemented via key/value. It is exposed to us via two global objects called localStorage and sessionStorage. We can use these objects to what data to be stored, updated or deleted when needed. Web storage works extensively with client-side scripting language where data can be transferred to the server on the requirement and the server can’t alter the data to the web storage.
 

Abstract

 
Html 5 offers us with Web Storage features. A developer can make their application as per the requirements. The term Web Storage defines the set of browser capability to allow application-level persistent storage of key/value pairs on the client-side. In this article we will be focusing on HTML5 Web Storage API: Session Storage and Local Storage attributes and will create a small MVC app with the help of Session Storage.

Local Storage

 
Local storage is useful when you want to save the data to be accessible across multiple browser windows and keep the data long for persistent days even after the browser is closed and reopened.
 
Example 1. Usage of Local Storage
  1. $('#btnLocalStorage').click(function()    
  2. {    
  3.     var txtName = $("#txtName").val();    
  4.     //set item    
  5.     localStorage.setItem("EmpName", txtName);    
  6. });    
  7.     
  8. $('#btnLocalStorageRemove').click(function()    
  9.  {    
  10.     //remove item    
  11.     localStorage.removeItem("EmpName");    
  12. });    
  13. $('#btnLocalStorageClear').click(function()     
  14.  {    
  15.     //clear Local Storage    
  16.     localStorage.clear();    
  17. });    
  18. $('#btnLocalStorageLength').click(function()     
  19.  {    
  20.     var localStoragelocalStoragelength = localStorage.length;    
  21.     alert("The length of Local storage is " + localStoragelength);    
  22.     
  23. });   
insert
 
Demonstrating we insert the item by defining key and data.
 
storage
 
Demonstrating the local storage set item, with stored data.
 
Your keys and values must be a string. We have to rely upon toString() and JSON.stringify(converting JavaScript value to a JSON string), JSON.parse (to convert JSON text into JavaScript object).
 
Let’s take a small demo of storing the values in the Local Storage using Visual Studio. Here I will simply store the data to the local storage. As discussed earlier the data is saved in the local storage with a Key and its respective value. Let’s get started.
  1. <html>    
  2. <head>    
  3.     <meta name="viewport" content="width=device-width" />    
  4.     <title>Index</title>    
  5.     <script src="~/Scripts/jquery-1.10.2.js">    
  6.         </script>    
  7.         <script>    
  8.             $(document).ready(function()     
  9.              {    
  10.     
  11.                 $('#btnSave').click(function()     
  12.                  {    
  13.     
  14.                     //emptying the UserInfo table at the start    
  15.                     $('#UserInfo').empty();    
  16.                     //debugging the btnsave click funtion    
  17.                     debugger;    
  18.                     //declaring a new object of type User which will contains User Information    
  19.                     var User = new Object();    
  20.     
  21.                     //allocating values to the property like userName,age,address    
  22.                     User.userName = $('#txtName').val();    
  23.                     User.age = $('#txtAge').val();    
  24.                     User.address = $('#txtAddress').val();    
  25.     
  26.                     //below lines check for if in local storage the key exist or not with name Users    
  27.                     if (localStorage.Users)     
  28.                     {    
  29.                         //if exist in local storage get all the previous details in the Users    
  30.                         //convert json string to javascript object    
  31.                         Users = JSON.parse(localStorage.getItem("Users"))    
  32.     
  33.                     } else     
  34.                     {    
  35.                         //create array of objects    
  36.                         Users = [];    
  37.                     }    
  38.                     //storing new value to the User Key    
  39.                     Users.push(User);    
  40.     
  41.                     //converts javascript value to a JSON String    
  42.                     localStorage.setItem('Users', JSON.stringify(Users));    
  43.       
  44.                     var collectionofUser = JSON.parse(localStorage.getItem('Users'));    
  45.                     //translate all items in an array or object to new array of items    
  46.     
  47.                     $('#UserInfo').show();    
  48.                     var header = "<tr><th>User Name</th><th>Age</th><th>Address</th></tr>";    
  49.                     $('#UserInfo').append(header);    
  50.                     $.map(collectionofUser, function(UserDetails)    
  51.                     {    
  52.                         debugger;    
  53.     
  54.                         var Userinfo = "<tr><td>" + UserDetails.userName + "</td><td>" + UserDetails.age + "</td><td>" +    
  55.                             UserDetails.address + "</td></tr>";    
  56.     
  57.                         $('#UserInfo').append(Userinfo);    
  58.                     });    
  59.     
  60.                 })    
  61.             });    
  62.         </script>    
  63.     
  64. </head>    
  65.     
  66. <body>    
  67.     <div>    
  68.         <p>Welcome User to the Demo of Web Storage    
  69.             <br/> Enter the below form to see the magic.</p>    
  70.     
  71.         <table id="tblForm">    
  72.             <tr>    
  73.     
  74.                 <th>Name</th>    
  75.                 <th>Age</th>    
  76.                 <th>Address</th>    
  77.     
  78.             </tr>    
  79.             <tr>     
  80.                 <td>    
  81.                     <input id="txtName" type="text" />    
  82.                 </td>    
  83.                 <td>    
  84.                     <input id="txtAge" type="text" />    
  85.                 </td>    
  86.                 <td>    
  87.                     <input id="txtAddress" type="text" />    
  88.                 </td>    
  89.             </tr>    
  90.             <tr>      
  91.                 <td>    
  92.                     <input id="btnSave" type="button" value="Save" />    
  93.                 </td>    
  94.             </tr>    
  95.             </table>    
  96.     
  97.             <table id="UserInfo">    
  98.   
  99.                 </table>    
  100.     </div>    
  101. </body>    
  102.     
  103. </html>     

Simple UI

 
Simple UI
Demonstrating the Simple UI screen.
 
Let’s start debugging our application.
 
Phase 1
 
storage
 
Demonstrating the debug point and local storage.
 
Phase 2
 
storage
 
Demonstrating: As there is no key with a name using a new array is created and user information is pushed to UserArray.
 
Phase 3
 
Storage
 
Demonstrating the local storage has been set with key named users and all the object properties have been set to the Key as shown above at the right-hand side.
 
Phase 4
 
records
 
Demonstrating all the records present in key users are being stored in the collection of a user in the form of JavaScript objects as shown above.
 
Phase 5
 
object
 
Demonstrating moving object one by one and displayed to the table
 
Phase 6
 
function
 
Demonstrating User Interface after function execution.
 

Benefits of Local Storage

  • Saving program state, or saving some information that is needed across the entire web application.
  • Local storage gives a limit of 5MB of data to be stored on the client-side.
  • It stores data with no expiration date, and gets cleared only using JavaScript, or clearing the Browser Cache / Locally Stored Data.

Session Storage

 
Everything you saw above in the localStorage object also applies to the sessionStorage as well. The way you additem, removeitem is the same as in LocalStorage, the only difference is the syntax name. The major difference between session storage and local storage is data persistence. This means when we use localStorage data is present and available across various sessions (across multiple windows) i.e. you can close your browser and come later and any data that has been stored in localStorage will be available to you. While in Session Storage the data is used only on one browser window which means as soon as we close our window our session keys are destroyed and will not be accessible across sessions. It allows a separate instances of the application to run in different windows without affecting each other. The values of session storage remain persistent after page load also.
 
Example 2. Usage of Session Storage
  1. $('#btnSessionStorage').click(function()    
  2.  {    
  3.     debugger;    
  4.     var txtName = $("#txtName").val();    
  5.     //set item    
  6.     sessionStorage.setItem("EmpName", txtName);    
  7.     
  8. });    
  9.     
  10. $('#btnSessionStorageRemove').click(function()    
  11.  {    
  12.     debugger;    
  13.     
  14.     //remove item    
  15.     sessionStorage.removeItem("EmpName");    
  16. });    
  17. $('#btnSessionStorageClear').click(function()    
  18.  {    
  19.     debugger;    
  20.     
  21.     //clear Local Storage    
  22.     sessionStorage.clear();    
  23.     
  24. });     
session
 
Demonstrating the session storage length attribute.
 
We will be creating a simple Meeting application using Local storage as we go ahead before that let's discuss the most mind oscillating topic called Security.
 
The origin of Cookies as the HTTP state management website stores cookies to relate HTTP requests to each other. With the help of cookies, the simple HTTP stateless protocol becomes stateful.
 

Benefits of Web Storage

  • Based on the Html UI survey we can see that the Web storage is utilized frequently to locally stored code fragments probably for catching and fast responsiveness.
  • Easy to use API, with simple get and set key/value pairs.
  • A huge amount of data storage space.
Storage
 

The drawback of Web Storage

  • Data is stored without any encryption on disk. i.e. anyone who has access to the system can get access to the data.
  • In localStorage, if until the website deletes the data or user explicitly clears the data by telling the browser i.e. the data will be persistent for a lifetime.

Security Concerns

 
As all the local storage is saved on the client-side, it can be tempered or can be seen by anyone who has sound knowledge of browser working and web. Just type localStorage in a console window or go-to resource and there they are.
 
Local storage is a threat when a browser is being shared by multiple users example like a cyber cafe, where any person can inject a malicious script that can steal the user assets.
 
Let’s start and create a normal meeting scheduling app in Visual studio using ASP.NET MVC and session storage.
 
Create Simple Model classes as shown below
  1. //Code Snippet    
  2. //Business Layer     
  3. //This class is the Master Class where all the data is to be inserted, we will be using entity framework for inserting data to the database.     
  4. public class MeetingMaster      
  5. {      
  6.     [Key]      
  7.     public int ID      
  8.     {      
  9.         get;      
  10.         set;      
  11.     }      
  12.     public string Name       
  13.     {      
  14.         get;      
  15.         set;      
  16.     }       
  17.     public string Date_Of_Meeting       
  18.     {      
  19.         get;      
  20.         set;      
  21.     }        
  22.     public string Agenda_Covered      
  23.     {      
  24.         get;      
  25.         set;      
  26.     }        
  27.     public string Start_Time      
  28.     {      
  29.         get;      
  30.         set;      
  31.     }        
  32.     public string End_Time      
  33.     {      
  34.         get;      
  35.         set;      
  36.     }      
  37. }      
  38.       
  39. //Agenda that is covered in the Meeting      
  40. public class Agenda      
  41. {      
  42.     private int _AgendaId;      
  43.     public string AgendaName      
  44.     {      
  45.         get;      
  46.         set;      
  47.     }      
  48. }      
  49.       
  50. //Date of Meeting      
  51. public classDate {      
  52.     public string StartTime       
  53.     {      
  54.         get;      
  55.         set;      
  56.     }      
  57.     public string EndTime       
  58.     {      
  59.         get;      
  60.         set;      
  61.     }      
  62.       
  63.     public string DateOfMeeting       
  64.     {      
  65.         get;      
  66.         set;      
  67.     }       
  68. }      
  69.       
  70. //Employee Details       
  71. public class Employee       
  72. {      
  73.     private int _Id;      
  74.     public string participantName       
  75.     {      
  76.         get;      
  77.         set;      
  78.     }      
  79.       
  80.     public string participantEmail       
  81.     {      
  82.         get;      
  83.         set;      
  84.     }      
  85.       
  86. }      
  87.       
  88. //Meetings Details      
  89. public class Meeting       
  90. {      
  91.     private int _MtngId;      
  92.     public string MtngName       
  93.     {      
  94.         get;      
  95.         set;      
  96.     }      
  97.       
  98. }      
  99.       
  100. //Participants who participated in the Meeting      
  101. public class Participants      
  102. {      
  103.     [Key]      
  104.     [DatabaseGenerated(DatabaseGeneratedOption.None)]      
  105.     public int MomId       
  106.     {      
  107.         get;      
  108.         set;      
  109.     }      
  110.     public string Name       
  111.     {      
  112.         get;      
  113.         set;      
  114.     }      
  115.       
  116.     public string Email       
  117.     {      
  118.         get;      
  119.         set;      
  120.     }        
  121. }      
Let’s create our View, just a gentle reminder I will be using session storage for storage of data on the client browser and when all the information is gathered same will be inserted into the db.
 
UI
  1. @ {    
  2.     Layout = null;    
  3. }    
  4.     
  5. < !DOCTYPEhtml >    
  6.     
  7.     < html >    
  8.     < head >    
  9.     < meta name = "viewport"    
  10. content = "width=device-width" / >    
  11.     < title > Index < /title> < style >    
  12.     
  13.     
  14.     .ui - datepicker - current - day.ui - state - active {    
  15.         background: #0094ff; }    
  16. div.ui-datepicker    
  17. {    
  18. font-size: 12px;    
  19.   
  20. color: # f00;    
  21.     
  22.     } < /style> < scriptsrc = "~/Scripts/jquery-1.10.2.js" > < /script> < scriptsrc = "~/Scripts/jquery.dateFormat-1.0.js" > < /script> < scriptsrc = "~/Scripts/jquery-ui-1.11.4.js" > < /script> < linkhref = "~/Content/jquery-ui-1.10.4.custom.css"    
  23. rel = "stylesheet" / >    
  24.     < script >    
  25.     
  26.     $(function()    
  27.       {    
  28.     
  29.         $(".date-picker").datepicker({    
  30.             dateFormat: 'dd-mm-yy'    
  31.         });    
  32.     
  33.     });    
  34.     
  35. $(document).ready(function()     
  36.   {    
  37.     $("#showMessage").dialog({    
  38.         modal: true,    
  39.         closeOnEscape: false,    
  40.         open: function(event, ui)    
  41.       {    
  42.             $(".ui-dialog-titlebar-close", ui.dialog || ui).hide();    
  43.         },    
  44.         buttons: {    
  45.             Ok: function()    
  46.           {    
  47.                 $(this).dialog("close");    
  48.             }    
  49.         }    
  50.     });     
  51.     $('#btnAdd').click(function()    
  52.       {    
  53.         $('#UserInfo').empty();    
  54.         //creating a session storage to add the participants in the     
  55.         //session storage and when user click on create meeting all     
  56.         //keys will retireved and send to the server    
  57.     
  58.         var participant = new Object();    
  59.         //encode to a base-64 encoded string:    
  60.         participant.participantName = btoa($('#txtName').val());    
  61.         participant.participantEmail = btoa($('#txtEmail').val());    
  62.     
  63.         if (sessionStorage.Participants)    
  64.         {    
  65.             //if exist in local storage get all the previous details in the Users    
  66.             //convert json string to javascript object    
  67.             Participants = JSON.parse(sessionStorage.getItem('Participants'));    
  68.     
  69.         } else     
  70.         {    
  71.             //Create an array     
  72.             Participants = [];    
  73.         }      
  74.         Participants.push(participant);    
  75.         sessionStorage.setItem('Participants', JSON.stringify(Participants));      
  76.         var ListToShow = JSON.parse(sessionStorage.getItem("Participants"));    
  77.         //show the table    
  78.         $('#UserInfo').show();    
  79.         var header = "<tr><th style='text-align:left'>User Name</th><th colspan='2' style='text-align:left'>Email</th></tr>";    
  80.         $('#UserInfo').append(header);    
  81.         $.map(ListToShow, function(UserDetails)    
  82.          {      
  83.             var Userinfo = "<tr><td >" + atob(UserDetails.participantName) + "</td><td colspan='2'>" + atob(UserDetails.participantEmail) + "</td></tr>";    
  84.     
  85.             //append the data to the table    
  86.             $('#UserInfo').append(Userinfo);    
  87.         });    
  88.         $('#txtName').val("")    
  89.         $('#txtEmail').val("")      
  90.     });    
  91.     
  92.     $('#BtnSubmit').click(function()    
  93.      {      
  94.         //here we will use session storage because the application need is to store records in session and destroy them once done and destroy if this is closed.      
  95.         var mtngDate1 = new Object();    
  96.         mtngDate1.StartTime = $('#txtStartTime').val();    
  97.         mtngDate1.EndTime = $('#txtEndTime').val();    
  98.         mtngDate1.DateOfMeeting = $('#Date_Of_Meeting').val();    
  99.     
  100.         //creating agenda object to be passed to the controller    
  101.         var agenda = new Object();    
  102.         agenda.AgendaName = $('#txtMtngAgenda').val();    
  103.     
  104.         //creating mtngName object to be passed to the controller    
  105.         var mtng = new Object();    
  106.         mtng.MtngName = $('#txtMtngNAME').val();    
  107.     
  108.         var participantsDetails = JSON.parse(sessionStorage.getItem('Participants'));    
  109.         participantsDetailas = JSON.stringify({    
  110.             'participantsDetails': participantsDetails,    
  111.             'mtngDate': mtngDate1,    
  112.             'agendaCovered': agenda,    
  113.             'mtngNameCovered': mtng    
  114.         });    
  115.         $.ajax({    
  116.             type: 'POST',    
  117.             traditional: true,    
  118.             dataType: "json",    
  119.             url: '/Test/CreateMtng',    
  120.             contentType: "application/json; charset=utf-8",    
  121.             data: participantsDetailas,    
  122.             success: function(data)    
  123.           {    
  124.                 alert(data);    
  125.                 sessionStorage.clear();    
  126.                 $('#txtMtngNAME').val("");    
  127.                 $('#txtMtngAgenda').val("");    
  128.                 $('#Date_Of_Meeting').val("");    
  129.                 $('#txtStartTime').val("");    
  130.                 $('#txtEndTime').val("");    
  131.                 $('#UserInfo').empty();    
  132.             },    
  133.             error: function()    
  134.           {    
  135.                 alert('failure');    
  136.             }    
  137.         })    
  138.     
  139.     });    
  140. }); < /script>    
  141.     
  142. < /head> < body >    
  143.     < div >    
  144.     < tablealign = "center"    
  145. frame = "box" >    
  146.     < tr >    
  147.     
  148.     < thcolspan = "3" > Meeting Scheduler < /th> < /tr> < tr >    
  149.     < thstyle = "text-align:left" > Meeting Name < /th> < td > < inputid = "txtMtngNAME"    
  150. name = "Meeting.MtngName"    
  151. type = "text" / > < /td> < /tr> < tr >    
  152.     
  153.     < thstyle = "text-align:left" > Agenda Covered < /th> < td > < inputid = "txtMtngAgenda"    
  154. name = "Agenda.AgendaName"    
  155. type = "text" / > < /td> < /tr> < tr >    
  156.     < thstyle = "text-align:left" > Date of Meeting < /th> < td >    
  157.     @Html.TextBox("Date Of Meeting""---- Target Date----"new {    
  158.         placeholder = "Enter Date", style = " text-align:left", autocomplete = "off", @class = "date-picker", name = "Date.DateOfMeeting"    
  159.     }) < /td>    
  160.    
  161. < /tr> < tr >    
  162.     < thcolspan = "2"    
  163. style = "text-align:left" > Participants Details < /th> < /tr> < tr >    
  164.     < td > < inputid = "txtName"    
  165. type = "text"    
  166. placeholder = "Enter CustomerName" / > < /td> < td > < inputid = "txtEmail"    
  167. type = "text"    
  168. placeholder = "Enter Email id" / > < /td> < td > < inputid = "btnAdd"    
  169. type = "button"    
  170. value = "Add Participants" / > < /td>    
  171.   
  172. < /tr> < tr >    
  173.     < tdstyle = "text-align:left" >    
  174.     
  175.     Participants    
  176.     
  177.     < /td> < /tr> < tr >    
  178.     < tdcolspan = "3" >    
  179.     < tableid = "UserInfo"    
  180. style = "width:100%;"    
  181. align = "center"    
  182. frame = "box" >    
  183.   
  184.     < /table>    
  185.   
  186. < /td>      
  187. < /tr> < tr >    
  188.     < thstyle = "text-align:left" > Start time < /th> < td > < inputid = "txtStartTime"    
  189. type = "text"    
  190. name = "Date.StartTime" / > < /td>      
  191. < /tr> < tr >    
  192.     < thstyle = "text-align:left" > EndTime time < /th> < td > < inputid = "txtEndTime"    
  193. type = "text"    
  194. name = "Date.EndTime" / > < /td>      
  195. < /tr> < tr >    
  196.     < tdcolspan = "3"    
  197. style = "text-align:center" > < inputid = "BtnSubmit"    
  198. type = "button"    
  199. value = "Create Meeting" / > < /td> < /tr> < /table> < /div> < /body> < /html>    
  200.     
  201. //Controller    
  202. Create a Controller    
  203.     
  204. public class TestController: Controller    
  205. {    
  206.     // GET: Test    
  207.     public ActionResult Index()    
  208.     {    
  209.         return View();    
  210.     }    
  211.     
  212.     //Create Meeting called by ajax    
  213.     public ActionResult CreateMtng(MeetingVM objVm)    
  214.     {    
  215.     
  216.         //Data access layer object    
  217.         DAL objDal = newDAL();    
  218.     
  219.         //meeting master object created     
  220.         MeetingMaster mtngMasterDetails = newMeetingMaster();    
  221.     
  222.         mtngMasterDetails.Name = objVm.mtngNameCovered.MtngName.ToString();    
  223.         mtngMasterDetails.Agenda_Covered = objVm.agendaCovered.AgendaName.ToString().Trim();    
  224.         mtngMasterDetails.Date_Of_Meeting = objVm.mtngDate.DateOfMeeting.ToString().Trim();    
  225.         mtngMasterDetails.End_Time = objVm.mtngDate.EndTime.ToString().Trim();    
  226.         mtngMasterDetails.Start_Time = objVm.mtngDate.StartTime.ToString().Trim();     
  227.         //added to the in memory    
  228.         objDal.mtngMaster.Add(mtngMasterDetails);    
  229.     
  230.         //saved to db    
  231.         objDal.SaveChanges();    
  232.     
  233.         int MtngId = mtngMasterDetails.ID;    
  234.     
  235.     
  236.         //logic for adding participants of the Meeting to the Participants table    
  237.         Participants participant = newParticipants();    
  238.         foreach(Employee obj in objVm.participantsDetails)    
  239.         {    
  240.     
  241.             participant.MomId = MtngId;    
  242.     
  243.             byte[] dataEmail = Convert.FromBase64String(obj.participantEmail);    
  244.             byte[] dataName = Convert.FromBase64String(obj.participantName);    
  245.             string decodedEmail = Encoding.UTF8.GetString(dataEmail);    
  246.             string decodedName = Encoding.UTF8.GetString(dataName);    
  247.             participant.Email = decodedEmail;    
  248.             participant.Name = obj.participantName;    
  249.     
  250.             objDal.participants.Add(participant);    
  251.             objDal.SaveChanges();    
  252.         }    
  253.   
  254.         string response = "The Meeting Successfully createed with id " + MtngId;    
  255.         return Json(response, JsonRequestBehavior.AllowGet);    
  256.     }    
  257. }     
Table for Meeting Master
 
ID here is an Identity column wherein TblParticipants MomId is not Identity.
 
Meeting
 
Table for Participants,
 
Participants
We will be using Entity Framework for mapping our Models to the DB schema.
  1. public classDAL: DbContext    
  2. {    
  3.     //DBSet class represents an entity set that is used for create, read, update, and delete operations.    
  4.     public DbSet < MeetingMaster > mtngMaster    
  5.     {    
  6.         get;    
  7.         set;    
  8.     }    
  9.     publicDbSet < Participants > participants     
  10.     {    
  11.         get;    
  12.         set;    
  13.     }    
  14.     protected override void OnModelCreating(DbModelBuilder modelBuilder)    
  15.     {    
  16.         //map your classes to tables     
  17.         modelBuilder.Entity < MeetingMaster > ().ToTable("TblMeetingMaster");    
  18.         modelBuilder.Entity < Participants > ().ToTable("TblParticipants");    
  19.     }    
  20. }    
Let’s start and debug our program step by step,
 
debug
 
Secretary creates a list of Participants to be added and click on Add participants. Here the list of participants will be stored in session storage rather than storing it session on the server-side. We will encode the value using base-64 encoded to keep the value secret. These values can be manipulated easily by injecting malicious JavaScript while if the user directly changes the value it will fail to decode as it will not be 64 bit encoded. We will test the same scenario during the debugging.
 

Debugger Stages

 
Stage 1
 
Debugger
 
We can see the textbox values being encoded in 64 bit.
 
'sessionStorage.Participants' checks for if there is already any Participants key present in sessionStorage if not then create an array of Participants and push the Participant object into the array and then save the same in sessionStorage.
 
Debugger
 
The value stored in session Storage with key Participants.
 
Participants
 
As new key has been inserted in session storage, now if we check 'sessionStorage.Participants will receive the above output. If I try to inject the JavaScript over here and delete the key and insert a new key it can be easily done. Let’s see what happens,
 
key
 
I cleared session storage and tried to change the value and added encoded 64 of ‘hacker’ this may seem foolish as I am changing the value from the console window. Let’s check what value appears on the browser for participants.
 
console
 
As we can see the value has been manipulated, the same can happen when someone injects malicious script and changes the data, so it’s strictly said not to store important credentials and the user's important information in localStorage or sessionStorage as it’s vulnerable to attacks easily.
 
Let’s focus and create a Meeting app using ASP.NET MVC.
 
app
 
Secretary has inserted the details and creates the meeting.
 
Meeting
 
We create an object of all the details to be passed to the Controller, as we know before passing the objects we need to Stringify the objects as shown below,
 
objects
 
objects
 
Hits come to the Controllers,
 
Controllers
 
All the values passed from the View to the Controller, and participants' values are encoded in 64 bit.
 
values
 
Decoding of Participant's name and email.
 
Decoding
 
Meeting has been successfully created with id 1.
 
created
 
Successful creation of meeting.
 
Let’s check the database values,
 
database
 
You can add mailing features also so that all the participants will receive the mail regarding minutes of the Meeting.
 

Summary 

 
Hence I conclude that Web Storage is a really amazing concept with drawbacks as well. I was unaware of Web Storage features before this so I wanted to unleash this topic from scratch. I hope this article will be helpful to everyone. I would be happy and will feel appreciated if you could comment and improvise me in doing better and learning the security measures to be taken while using sessionStorage or LocalStorage.


Similar Articles