Web storage, sometimes known as DOM storage (
Document Object Model storage), is a standard
JavaScript API provided by
web browsers. It enables
websites to store
persistent data on users' devices similar to
cookies
A cookie is a baked or cooked snack or dessert that is typically small, flat and sweet. It usually contains flour, sugar, egg, and some type of oil, fat, or butter. It may include other ingredients such as raisins, oats, chocolate chips, nuts ...
, but with much larger capacity
and no information sent in
HTTP headers
The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, w ...
. There are two main web storage types: local storage and session storage, behaving similarly to
persistent cookies and
session cookies respectively. Web Storage is standardized by the
World Wide Web Consortium (W3C) and
WHATWG, and is supported by all major browsers.
Features
Web storage differs from cookies in some key ways.
Purpose
Cookies are intended for communication with servers; they are automatically added to all requests and can be accessed by both the server and client-side. Web storage falls exclusively under the purview of
client-side scripting
A server-side dynamic web page is a web page whose construction is controlled by an application server processing server-side scripts. In server-side scripting, parameters determine how the assembly of every new web page proceeds, and includin ...
. Web storage data is not automatically transmitted to the server in every HTTP request, and a web server can't directly write to Web storage. However, either of these effects can be achieved with explicit client-side scripts, allowing for fine-tuning the server's desired interaction.
Storage size
Cookies are restricted to 4 kilobytes. Web storage provides far greater storage capacity:
*
Opera 10.50+ allows 5 MB
*
Safari 8 allows 5 MB
*
Firefox 34 allows 10 MB
(formerly 5 MB per
origin in 2007)
*
Google Chrome
Google Chrome is a cross-platform web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, ...
allows 10 MB per origin
*
Internet Explorer allows 10 MB per storage area
Local and session storage
Web storage offers two different storage areas—local storage and session storage—which differ in scope and lifetime. Data placed in local storage is per origin—the combination of protocol, host name, and port number as defined in the
same-origin policy. The data is available to all scripts loaded from pages from the same origin that previously stored the data and persists after the browser is closed. As such, Web storage does not suffer from cookie Weak Integrity and Weak Confidentiality issues, described in sections 8.5 and 8.6. Session storage is both per-origin and per-instance (per-window or per-tab) and is limited to the lifetime of the instance. Session storage is intended to allow separate instances of the same web app to run in different windows without interfering with each other, a use case that's not well supported by cookies.
Interface and data model
Web storage provides a better programmatic interface than cookies because it exposes an
associative array
In computer science, an associative array, map, symbol table, or dictionary is an abstract data type that stores a collection of (key, value) pairs, such that each possible key appears at most once in the collection. In mathematical terms an a ...
data model
A data model is an abstract model that organizes elements of data and Standardization, standardizes how they relate to one another and to the properties of real-world Entity, entities. For instance, a data model may specify that the data element ...
where the keys and values are both
strings. An additional
API
An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how ...
for accessing
structured data is being considered by the W3C Web Applications Working Group.
Usage
Browsers that support web storage have the global objects
sessionStorage
and
localStorage
declared at the window level. The following
JavaScript code can be used on these browsers to trigger web storage behavior:
// Store value on browser for duration of the session
sessionStorage.setItem('key', 'value');
// Retrieve value (gets deleted when browser is closed and re-opened) ...
alert(sessionStorage.getItem('key'));
// Store value on the browser beyond the duration of the session
localStorage.setItem('key', 'value');
// Retrieve value (persists even after closing and re-opening the browser)
alert(localStorage.getItem('key'));
Only strings can be stored via the Storage API. Attempting to store a different data type will result in an automatic conversion into a string in most browsers. Conversion into
JSON, however, allows for effective storage of JavaScript objects.
// Store an object instead of a string
localStorage.setItem('key', );
alert(typeof localStorage.getItem('key')); // string
// Store an integer instead of a string
localStorage.setItem('key', 1);
alert(typeof localStorage.getItem('key')); // string
// Store an object using JSON
localStorage.setItem('key', JSON.stringify());
alert(JSON.parse(localStorage.getItem('key')).name); // value
Nomenclature
The W3C draft is titled "Web Storage". "DOM storage" has also been a commonly used name, though it is becoming less so; for example the "DOM Storage" web articles of the Mozilla and Microsoft developer sites have been replaced with "Web Storage" articles.
The "DOM" in DOM storage does not literally refer to the
Document Object Model. According to the W3C, "The term DOM is used to refer to the API set made available to scripts in Web applications, and does not necessarily imply the existence of an actual Document object..."
Web storage management
Storage of web storage objects is enabled by default in current versions of all supporting web browsers, with browser vendors providing ways for users to natively enable or disable web storage, or clear the web storage "cache". Similar controls over web storage are also available through 3rd party
browser extension
A browser extension is a small software module for customizing a web browser. Browsers typically allow a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and styling of web ...
s. Each browser stores Web storage objects differently:
*
Firefox saves Web storage objects in a
SQLite file called
webappsstore.sqlite
in the user's profile folder.
*
Google Chrome
Google Chrome is a cross-platform web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, ...
records Web storage data in a
SQLite file in the user's profile. The subfolder containing this file is "
\AppData\Local\Google\Chrome\User Data\Default\Local Storage
" on
Windows, and "
~/Library/Application Support/Google/Chrome/Default/Local Storage
" on
macOS.
*
Opera's Web storage is located in either "
\AppData\Roaming\Opera\Opera\sessions\autosave.win
" or "
\AppData\Local\Opera\Opera\pstorage\
" depending upon Opera's version.
*
Internet Explorer's Web storage is "
\AppData\LocalLow\Microsoft\Internet Explorer\DOMStorage
".
*
Safari's Web Storage is located in a folder labeled "
LocalStorage
" within a hidden "
safari
" folder.
Where is Safari web data stored?
discussions.apple.com. Retrieved 20 2022-10-06
See also
* Indexed Database API
References
External links
HTML Living Standard 11 Web storage
W3C: Web Storage
Web Storage API
on Mozilla Developer Network
Opera: Web Storage: easier, more powerful client-side data storage
on BlackBerry DevZone
{{Web interfaces
World Wide Web Consortium standards
HTML5
Internet privacy