LocalStorage saving username

Greetings Fellows

I have a doubt about what qualifies as sensitive information. Let me explain. I just found that a system is saving the username in the localStorage when you are logged in. It stays there, and when you log out it disappears.

So does it qualify as a bad programming practice?

Thank you for your help

The rule is “don’t store anything sensitive in local storage”. The local storage is pretty simple and has no security at all. It was not designed to store anything sensitive (like user information, session tokens, credit cards, etc.) and it’s available to any page that uses JavaScript.

Moreover, if the app needs to store information per session, the app should use Session Storage instead, and to store the username (or any user information), the recommendation is to put it in the Cookie.

1 Like
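An added example, not part of the posts above: a small audit that walks a Web Storage object and flags entries in the categories the answer lists (user information, session tokens, card numbers). The function names, the patterns and the sample data are assumptions made for illustration, and `fakeStorage` is a constructed stand-in for `window.localStorage` so the check also runs under Node.

```javascript
// Heuristic value patterns (assumed for this example, not an exhaustive list).
const PATTERNS = [
  { label: "jwt-like token", re: /^[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]*$/ },
  { label: "email address", re: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  { label: "card-like number", re: /^(?:\d[ -]?){13,19}$/ },
];
// Key names that suggest identity or session data (also an assumption).
const SENSITIVE_KEY = /user|login|email|token|session|auth|passw|card/i;

// Apps often store serialized objects, so flatten JSON values into [path, string] leaves.
function leaves(raw) {
  let parsed;
  try { parsed = JSON.parse(raw); } catch { return [["", raw]]; }
  const out = [];
  (function walk(v, path) {
    if (v !== null && typeof v === "object") {
      for (const [k, child] of Object.entries(v)) walk(child, path ? `${path}.${k}` : k);
    } else {
      out.push([path, String(v)]);
    }
  })(parsed, "");
  return out;
}

// storage: any object with the Web Storage interface (length, key(i), getItem(k)).
function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    for (const [path, value] of leaves(storage.getItem(key))) {
      const name = path ? `${key}.${path}` : key;
      const hit = PATTERNS.find(p => p.re.test(value.trim()));
      if (hit) findings.push({ name, reason: hit.label });
      else if (SENSITIVE_KEY.test(name)) findings.push({ name, reason: "sensitive-looking key name" });
    }
  }
  return findings;
}

// Constructed stand-in for window.localStorage with constructed sample data.
function fakeStorage(obj) {
  const keys = Object.keys(obj);
  return { length: keys.length, key: i => keys[i], getItem: k => obj[k] };
}
const sample = fakeStorage({
  username: "alice",
  theme: "dark",
  profile: JSON.stringify({ email: "alice@example.test", lang: "en" }),
  auth: "eyJhbGciOiJub25lIn0.eyJzdWIiOiJhbGljZSJ9.",
});
console.log(auditStorage(sample));
```

In a browser, the same function can be called from the developer console as `auditStorage(window.localStorage)` or `auditStorage(window.sessionStorage)` to review what an application leaves behind after login and after logout.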

I think that this post is also here and answered: “Why using localstorage in JS is insecure?”

1 Like