According to MDN it is suppose to be more secure than cookies for storing persistent data on the client.

However, checking the localStorage of facebook, twitter, and linkedin I can see that it is not being used.

Oddly, linkedin does have the key ( in localStorage ) 8df when logged in , but trying to access it throws an error.

According to MDN it is suppose to be more secure than cookies for storing persistent data on the client.

However, checking the localStorage of facebook., twitter., and linkedin. I can see that it is not being used.

Oddly, linkedin does have the key ( in localStorage ) 8df when logged in , but trying to access it throws an error.

• javascript

• 3 probably because IE is still in existence--and why code things two times [you'll ultimately need a fallback method]? – Brad Christie Commented Aug 24, 2013 at 21:08
• 1 The question is kind of vague. They aren't using it because they don't need it. People who need it, use it. – Dennis Commented Aug 24, 2013 at 21:10
• @Dennis: i think OPs point is they use cookies, but LS is supposed to be more secure. so why would you stick with an inferior method when a better one exists? – Brad Christie Commented Aug 24, 2013 at 21:11
• 2 @AndersonGreen: Please don't cite W3S--ever. With that said, yes, as of Ie8+ it's supported. But, sadly, a lot of the internet still uses <IE8 (esp corporate). and guess how many people log on while they're working? (Know your demographic). – Brad Christie Commented Aug 24, 2013 at 21:13
• 2 I find that disturbing - that IE can slow down adoption of new technology by years. – Handy Commented Aug 24, 2013 at 21:14

3 Answers 3

My guess (hopes this qualifies has an answer)

Web Storage is patible with most mon browsers: http://caniuse./namevalue-storage .

For things that don't need to transit with session: what probably happens is that cookies is most monly known and easy to use. There are lots of panies with average skilled ppl, who will run away when confronted with things out of their confort zone.

Edit after Python Fanboy's answer (+1 from me): read his answer.

localStorage has this drawback which cookies doesn't have: it's stored values aren't sent automatically with all HTTP requests so without more implementation Your server won't know what's stored in browser's localStorage.

localStorage is supported in IE since IE8.

According to MDN it is suppose to be more secure than cookies for storing persistent data on the client.

Taking a quick look at Facebook's cookie, for example, I see things like userid, authentication tokens, presence indicator for chat, and window size. (Not posting my cookie here for obvious reasons).

The feature that makes cookies "less secure" (cookies are sent with the HTTP request) is the feature they need in this case because it's part of their munication protocol. Authentication tokens are useless if they aren't sent to the server for, well, authentication.

Simply put, they aren't using localStorage in this case because they aren't trying to store things locally.