Session Management across Subdomains: Localstorage vs Cookies
Brief about localStorage
Recently, at our organization Profilebud, we remodelled the user flow. The requirement was that once a user has registered on payment.profilebud.com, we redirect them directly to our user dashboard at app.profilebud.com.
Way to Solution
In the above use case, we got blocked by localStorage. We had been using localStorage to store the user login token and keep the user logged in, but that didn’t work here.
That’s because localStorage doesn’t support sharing storage across subdomains, or across domains. Thus, if you have something stored at a.example.com, it won’t be accessible from example.com or b.example.com.
Actually, this is a browser storage security restriction, and in fact none of localStorage, WebSQL or IndexedDB can be shared across subdomains. They are all subject to the “same-origin policy”, which sandboxes data per origin. This is to prevent malicious sites, e.g. malicious.geocities.com, from spying on data from another site like
So, unfortunately, for use cases like this, sharing storage across subdomains isn’t possible in any browser, whereas traditional cookie session management can be scoped to multiple subdomains.
Cookies are pretty much a convenient way to carry information from one session on a website to another, or between sessions on related websites, without having to burden a server machine with massive amounts of data storage. If we were to store data on the server without using cookies, then it would be difficult to retrieve a particular user’s information without requiring a login on each visit to the website. Therefore, a cookie can simply be used if there is a large amount of information to store. In addition, a cookie can be made to persist for an arbitrary length of time.
Cookies and local storage serve different purposes. Cookies are mainly for reading server-side, whereas local storage can only be read on the client side. Apart from saving data, a big technical difference is the size of data you can store, and as I mentioned earlier, localStorage gives you more to work with.
In my use case, cookies are the right solution for session management because they can be scoped to multiple subdomains.
In any case, I don’t think localStorage is the right solution for session management.
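The scoping described above, as an added example that is not part of the original post or Profilebud's code: it builds the Set-Cookie value a login host could send and models which hosts a browser would return the cookie to. The cookie name `sid` and the function names are assumptions, and the model leaves out the public-suffix check that real browsers also apply.

```javascript
// Added example; the names below are illustrative, not from the original post.

// RFC 6265 section 5.1.3 domain-match: the host equals the cookie domain, or
// ends with "." + domain and is a hostname rather than an IP address.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Build the Set-Cookie header value for the session token.
// HttpOnly keeps the token away from page scripts, Secure limits it to HTTPS,
// and SameSite=Lax still allows the redirect between sibling subdomains.
function buildSessionCookie(token, { domain, maxAgeSeconds }) {
  if (!/^[A-Za-z0-9._~-]+$/.test(token)) {
    throw new Error("token contains characters not safe in a cookie value");
  }
  const attrs = [`sid=${token}`, "Path=/", `Max-Age=${maxAgeSeconds}`,
    "HttpOnly", "Secure", "SameSite=Lax"];
  if (domain) attrs.splice(1, 0, `Domain=${domain}`);
  return attrs.join("; ");
}

// Would a browser that stored the cookie from setterHost send it to requestHost?
function cookieSentTo(requestHost, setterHost, domainAttr) {
  // No Domain attribute: host-only cookie, returned to the exact host only.
  if (!domainAttr) return requestHost.toLowerCase() === setterHost.toLowerCase();
  // A Domain that the setting host does not itself match is rejected.
  if (!domainMatches(setterHost, domainAttr)) return false;
  return domainMatches(requestHost, domainAttr);
}

console.log(buildSessionCookie("abc123", { domain: "profilebud.com", maxAgeSeconds: 3600 }));
console.log(cookieSentTo("app.profilebud.com", "payment.profilebud.com", "profilebud.com"));
```

A cookie scoped with `Domain=profilebud.com` is sent to every subdomain of that domain, so each of those hosts has to be trusted with the session token.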
In this blog, we will be looking at how to work with cookies to set up authentication or session management in your web…
Hope this helps :)