I have tried looking around about HTML5 Local Storage but I can't seem to find a straight answer.
Does the Local Storage store its objects based on Domain like cookies?
If so how do I access it from another domain?
Asked
Active
Viewed 2,040 times
0
-
http://stackoverflow.com/questions/4201239/in-html5-is-the-localstorage-object-isolated-per-page-domain – paul Apr 16 '13 at 11:42
2 Answers
2
From the spec:
User agents must throw a
SecurityErrorexception whenever any of the members of aStorageobject originally returned by thelocalStorageattribute are accessed by scripts whose effective script origin is not the same as the origin of theDocumentof theWindowobject on which thelocalStorageattribute was accessed.
You cannot access data stored in localStorage from any domain other than the one that stored it there. It follows the same model as the XMLHttpRequest - the "same origin policy".
James Allardice
- 156,021
- 21
- 318
- 304
-
-
@Alnitak - Yes, but the OP is asking specifically about access from another domain. – James Allardice Apr 16 '13 at 11:44
-
Yes, but from a pure DNS perspective, different subdomains of a domain are still different domains, even though they may have the same origin – Alnitak Apr 16 '13 at 11:45
0
If so how do I access it from another domain?
You cannot.
LocalStorage data is created based on the domain of the web page. That data is then only accessible from web pages under the same domain.
Here is why this is a good idea: Would you want a site like hackerz.pwn to be able to read/write/remove this?
Example (page on www.yourbank.com):
window.localStorage.setItem("user_session", "1234567");
Adam Stanley
- 1,843
- 1
- 14
- 16
-
That's what I thought, I figured that would be a huge security hole. So just curious, how does StackOverflow manage to handle global authentication using localstorage, they state that it's stored under the stackauth.com domain. – clifford.duke Apr 16 '13 at 13:27