Anjali Gurjar
Local Storage, Session Storage and JWT

  1. Local Storage
     - Definition: Stores data in the browser with no expiration time.
     - Size: Up to 5MB.
     - Accessibility: Available across all browser tabs and windows.
     - Usage: Persistent user preferences; data that needs to persist across sessions (e.g., theme selection).
     - Pros: Simple key-value storage. Data persists even after the browser is closed.
     - Cons: Accessible via JavaScript, making it vulnerable to XSS attacks if not handled securely.
  2. Session Storage
     - Definition: Stores data in the browser that is cleared when the tab or window is closed.
     - Size: Up to 5MB.
     - Accessibility: Limited to the specific browser tab.
     - Usage: Temporary data like form inputs during the session; information that doesn't need to persist after the session ends.
     - Pros: Scoped to a single session, reducing unintended data leakage.
     - Cons: Data is lost when the tab or browser is closed.
  3. JWT (JSON Web Token)
     - Definition: A compact, self-contained token used for authentication and information exchange.
     - Structure:
       - Header: Metadata (e.g., type and signing algorithm).
       - Payload: Encoded user data (claims).
       - Signature: Ensures token integrity.
     - Usage: Securely transmitting information between parties. Authentication (store in cookies or memory, not Local/Session Storage, for sensitive data).
     - Pros: Stateless (the server doesn't store session data). Can be easily verified with a secret or a public/private key pair.
     - Cons: Size can be large due to the payload. Vulnerable to XSS if stored insecurely.

Differences and Use Cases

| Aspect | Local Storage | Session Storage | JWT |
|---|---|---|---|
| Persistence | Persistent | Limited to session | Defined by token expiration |
| Data Type | Key-Value | Key-Value | Encoded user data (claims) |
| Use Case | App settings, preferences | Temporary data | Authentication, session management |
| Security Concerns | Vulnerable to XSS attacks | Same as Local Storage | XSS if not stored securely |
| Storage Location | Browser | Browser | Client-side or server-side storage |

Interview-Related Questions

Conceptual Questions

What is the difference between Local Storage and Session Storage?
How does JWT work for authentication?
Why should JWT not be stored in Local Storage?
What are the security implications of using Local Storage for sensitive data?
Practical/Scenario-Based Questions

How would you implement session management in a React app using JWT?
Describe a secure way to store JWTs in a client-side application.
If you need to persist user preferences for a long time, which storage method would you choose and why?
How would you prevent XSS attacks when using browser storage?
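The last two questions above come up together in practice: Web Storage has no expiry of its own, and anything read back from it must be treated as untrusted because any script running on the origin can overwrite it. The following is an added example, not code from the post, of a wrapper that gives storage entries a time-to-live and validates values against an allowlist before use. `MemoryStorage` is a constructed stand-in for `window.localStorage` so that the code runs under Node; in a browser you would pass `localStorage` or `sessionStorage` instead.

```javascript
// Added example, not part of the original post. MemoryStorage is a constructed
// stand-in for window.localStorage / sessionStorage so this runs under Node.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
  removeItem(key) { this.items.delete(key); }
  clear() { this.items.clear(); }
}

// Web Storage has no expiry, so each entry is stored as {value, expiresAt}.
class ExpiringStore {
  // `now` is injectable so expiry can be exercised without waiting.
  constructor(storage, now = () => Date.now()) {
    this.storage = storage;
    this.now = now;
  }

  // Store a JSON-serialisable value with an absolute expiry timestamp (ms).
  set(key, value, ttlMs) {
    const record = { value, expiresAt: this.now() + ttlMs };
    this.storage.setItem(key, JSON.stringify(record));
  }

  // Return the value, or null if it is missing, expired, or not in the expected
  // shape. Anything malformed is removed so it cannot linger in storage.
  get(key) {
    const raw = this.storage.getItem(key);
    if (raw === null) return null;
    let record;
    try {
      record = JSON.parse(raw);
    } catch {
      this.storage.removeItem(key);
      return null;
    }
    if (!record || typeof record !== 'object' ||
        typeof record.expiresAt !== 'number' || record.expiresAt <= this.now()) {
      this.storage.removeItem(key);
      return null;
    }
    return record.value;
  }
}

// Values read back from storage are checked against an allowlist before use,
// so a value planted by an injected script cannot steer the app into a state
// it never offered. Only non-sensitive preferences belong here.
const THEMES = new Set(['light', 'dark']);
const DEFAULT_THEME = 'light';

function readTheme(store) {
  const theme = store.get('theme');
  return THEMES.has(theme) ? theme : DEFAULT_THEME;
}

// Usage (constructed): remember the theme for 30 days.
const prefs = new ExpiringStore(new MemoryStorage());
prefs.set('theme', 'dark', 30 * 24 * 60 * 60 * 1000);
console.log(readTheme(prefs));
```

Injecting the clock keeps the expiry logic testable, and routing every read through `readTheme` means the rest of the application never sees a raw storage value.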
Problem-Solving

Design a system where users can stay logged in for 7 days but are logged out after 10 minutes of inactivity.
Implement token renewal using JWT when it is about to expire.
How would you handle token revocation in a stateless JWT setup?
