Cookies, Session, & Local Storage unpacked

What is Cookie, Session and LocalStorage – Quick Overview

Quick Summary: Discover the key players in web data storage! Cookies, session storage, and local storage are the trio that powers seamless online experiences. Cookies are small data pieces. Websites store it save choices on your device; session storage is temporary. It vanishes once you close the browser. Meanwhile, localStorage retains data even after closures, which is ideal for non-expiring info. Each has its strength, enhancing user interaction and site functionality. Plunge into this trio for a web experience like no other!


Have you ever imagined browsing a website and it recalls your language preference or shopping cart items even after you close the browser?

That’s the magic of cookies, session storage, and local storage. In this era, where user experience reigns supreme, grasping these three concepts is akin to possessing a key that unlocks personalized, efficient, and seamless interactions online.

This trio isn’t just about convenience; in fact, it is beneficial for both users and as well as developers of leading Software Development Services.

Want to know more??
Read this blog…


Cookies are small text files. It stores on the Client. All browser cookies have a maximum capacity of 4 KB. We don’t need a function to start a cookie. Cookies store continuous user verification data on websites. We may turn cookies on or off on a particular site. It helps to create simple and fast website information. User Data Cookies Provide Better User Information, Website Access, and Quick Access.

We can store a maximum of 20 cookies per site. It is a good idea to clear cookies from time to time for certain issues, such as uploading or formatting sites.

Cookie for HTML

When the browser submits a request to the web server the following time, it sends the cookie information to the server, which the server uses to identify the user. Additionally there are different types of cookies including Zombie Cookie.

There are many types of cookies:

  • Session Cookie
  • Permanent cookies
  • Third-party cookies
  • Session Cookie

Session Cookie

A session cookie represents a server-specific cookie that only the individual who created the Cookie can send to any machine. A session cookie doesn’t possess an expiration date. Time cookies reside in memory and are never save to the disk. If the browser closes, the Cookies will be permanently delete.

Permanent cookies

Persistent cookies, AKA permanent cookies, delete themselves once the browser gets close, and users can remove them by setting a cookie expiration date.

They remain active even when using the web browser.

Third-party cookies

Third-party companies set third-party cookies to collect specific information from web users for research purposes, such as behavior, demographics, or demolition practices. Advertisers frequently utilize them to display the most relevant ads across websites, targeting the appropriate audience.


var cookieName = 'test1';
                var cookieValue = '1';
                var myDate = new Date();
                myDate.setDate(myDate.getDate() +30);
                document.cookie = cookieName + "=" + cookieValue + ";expires=" +myDate;


Session Stores User information on the server side For a while. There is no Session Storage Limit. Sessions transfer values from one page to another. Sometimes, the session depends on Cookie. Larger web applications, which require storing much user data, mostly use Server time. Each session receives a unique ID to retrieve saved values. When creating a session, the system stores a cookie containing a unique session ID on the user’s computer and then sends it back to the server along with all subsequent requests.

session for front end development

Each session is unique to each user, and there is no limit to the number of sessions that for a single application.

It is more secure because is on the server, we cannot easily access it. This embeds cookies on the user’s computer. It stores unlimited data.

A session ends when the user quits the browser or leaves the site, or when the server terminates the session after a predetermined amount of time, usually 30 minutes.

Local storage

This is because LocalStorage has many advantages over cookies. One crucial distinction is that, unlike cookies, there’s no need to transmit data with every HTTP request. It minimizes congestion between the Client and server, reducing bandwidth loss. The system stored data on the user’s local disk, which remains intact even if the internet connection has lost. Additionally, as mentioned earlier, LocalStorage can accommodate up to 5MB of data, a significant increase compared to the 4KB capacity of cookies.

storage for HTML5

LocalStorage is insecure for storing sensitive information and you can access it using any code. So, it is quite insecure.

LocalStore behaves like continuous cookies with expiration. The Data will not destroy automatically unless Javascript code erases it. It can be good for larger data bits that need longer storage.



Cookie vs Session vs LocalStorage


  • There are several expiration dates (both the server and Client can set up expiration dates)
  • The Client can’t access the Cookies if the Http Only flag is set to true.
  • Has SSL Support.
  • Each HTTP request sends data to the server.
  • The maximum file size is 4 KB.

Local Storage

  • Has no expiration date.
  • Client only.
  • No support for SSL.
  • It does not transfer Data on every HTTP request.
  • 5 MB limit ( 5 megabytes).

Session Storage

  • If we close the browser or the tab, session data will be remove automatically.
  • Client only.
  • No support for SSL.
  • It does not transfer Data on every HTTP request.
  • 5-10 MB ( megabytes ) limit.
  • It’s synchronous.


Understanding these technologies is not simply advantageous in this fast-paced digital environment but also necessary. Users may easily navigate websites, and developers can create complex, effective systems considering each user’s trip.

So, while you explore the huge web, remember the three entities—cookies, session storage, and local storage—that are toiling away in the background to mold your online experience. Accept their potential and allow them to improve your online experience!


Cookies and local storage serve different purposes and have varying security implications. Cookies are often used for tracking and session management but can be susceptible to cross-site scripting and CSRF attacks. On the other hand, local storage is more secure against these attacks, but it’s limited in size and doesn’t automatically send data with every HTTP request. Using HttpOnly and Secure flags for cookies and carefully managing local storage data are recommended to enhance security. Ultimately, the choice depends on the specific use case and security considerations.

The best way to store cookies is by setting appropriate security flags. Use the “HttpOnly” flag to prevent JavaScript access, reducing the risk of cross-site scripting attacks. Enable the “Secure” flag to ensure cookies are only transmitted over HTTPS, enhancing data protection. Implementing a well-considered cookie expiration policy and avoiding sensitive cookie information further improve security practices.

The choice between cookies and local storage depends on the use case. Cookies are suitable for small amounts of data needing to be sent with every HTTP request, but they’re susceptible to certain security vulnerabilities. Local storage offers greater capacity and improved security against certain attacks but doesn’t automatically send data with each request. Assess your needs and security considerations to determine which is better for your situation.

Session cookies have drawbacks, such as vulnerability to hijacking and cross-site scripting attacks. They are temporary and expire once the user closes their browser, potentially causing users to lose their session data. Moreover, session cookies cannot be accessed across different tabs or windows. Managing session data server-side can also lead to increased server load. Careful implementation and security measures are necessary to mitigate these disadvantages.

In terms of security, session storage is generally considered safer than cookies. Session storage data is stored on the client side and is not automatically sent with every HTTP request, reducing exposure to certain attacks. However, session storage is limited to the current tab/window and can be vulnerable to cross-site scripting attacks. While safer than cookies in some aspects, proper security practices should still be followed when using session storage.