localStorage，sessionStorage，session和cookie之間有什麼區別？

本文翻譯自：What is the difference between localStorage, sessionStorage, session and cookies?

localStorage，sessionStorage，session和cookie的技術優缺點是什麼，何時可以在另一個之上使用？

---

#1樓

參考：https://stackoom.com/question/1LMT9/localStorage-sessionStorage-session和cookie之間有什麼區別

---

#2樓

This is an extremely broad scope question, and a lot of the pros/cons will be contextual to the situation. 這是一個範圍極爲廣泛的問題，很多利弊都取決於具體情況。

In all cases, these storage mechanisms will be specific to an individual browser on an individual computer/device. 在所有情況下，這些存儲機制都將特定於單個計算機/設備上的單個瀏覽器。 Any requirement to store data on an ongoing basis across sessions will need to involve your application server side - most likely using a database, but possibly XML or a text/CSV file. 跨會話持續存儲數據的任何要求都將涉及您的應用服務器端-最有可能使用數據庫，但可能使用XML或文本/ CSV文件。

localStorage, sessionStorage, and cookies are all client storage solutions. localStorage，sessionStorage和cookie都是客戶端存儲解決方案。 Session data is held on the server where it remains under your direct control. 會話數據保存在您直接控制的服務器上。

localStorage and sessionStorage localStorage和sessionStorage

localStorage and sessionStorage are relatively new APIs (meaning, not all legacy browsers will support them) and are near identical (both in APIs and capabilities) with the sole exception of persistence. localStorage和sessionStorage是相對較新的API（意味着，並非所有舊版瀏覽器都支持它們），並且幾乎完全相同（API和功能都相同），唯一的例外是持久性。 sessionStorage (as the name suggests) is only available for the duration of the browser session (and is deleted when the tab or window is closed) - it does, however, survive page reloads (source DOM Storage guide - Mozilla Developer Network ). sessionStorage（顧名思義）僅在瀏覽器會話期間可用（並在關閉選項卡或窗口時刪除）-但是，它確實可以在頁面重新加載後倖存（源DOM存儲指南-Mozilla開發人員網絡 ）。

Clearly, if the data you are storing needs to be available on an ongoing basis then localStorage is preferable to sessionStorage - although you should note both can be cleared by the user so you should not rely on the continuing existence of data in either case. 顯然，如果需要持續提供要存儲的數據，則localStorage比sessionStorage更可取-儘管您應注意兩者都可以被用戶清除，所以在任何一種情況下都不應依賴於數據的持續存在。

localStorage and sessionStorage are perfect for persisting non-sensitive data needed within client scripts between pages (for example: preferences, scores in games). localStorage和sessionStorage非常適合在頁面之間的客戶端腳本中持久存儲所需的非敏感數據（例如：偏好，遊戲中的得分）。 The data stored in localStorage and sessionStorage can easily be read or changed from within the client/browser so should not be relied upon for storage of sensitive or security-related data within applications. 可以輕鬆地從客戶端/瀏覽器中讀取或更改存儲在localStorage和sessionStorage中的數據，因此不應依賴它們在應用程序中存儲敏感或與安全相關的數據。

Cookies 餅乾

This is also true for cookies, these can be trivially tampered with by the user, and data can also be read from them in plain text - so if you are wanting to store sensitive data then the session is really your only option. 對於cookie來說也是如此，它們可以被用戶輕易地篡改，並且還可以純文本格式從中讀取數據-因此，如果您要存儲敏感數據，則會話實際上是您唯一的選擇。 If you are not using SSL, cookie information can also be intercepted in transit, especially on an open wifi. 如果您未使用SSL，則cookie信息也可能在傳輸過程中被截獲，尤其是在開放的wifi上。

On the positive side cookies can have a degree of protection applied from security risks like Cross-Site Scripting (XSS)/Script injection by setting an HTTP only flag which means modern (supporting) browsers will prevent access to the cookies and values from JavaScript (this will also prevent your own, legitimate, JavaScript from accessing them). 從積極的方面來說，通過設置僅HTTP標誌，cookie可以受到一定程度的保護，免受跨站點腳本（XSS）/腳本注入等安全風險的威脅，這意味着現代（支持）瀏覽器將阻止訪問JavaScript和來自JavaScript的值（這也將阻止您自己的合法JavaScript訪問它們）。 This is especially important with authentication cookies, which are used to store a token containing details of the user who is logged on - if you have a copy of that cookie then for all intents and purposes you become that user as far as the web application is concerned, and have the same access to data and functionality the user has. 這對於身份驗證cookie尤其重要，身份驗證cookie用於存儲包含登錄用戶詳細信息的令牌-如果您擁有該cookie的副本，那麼就所有意圖和目的而言，您將成爲該用戶，直至該Web應用程序爲止。並具有與用戶擁有的數據和功能相同的訪問權限。

As cookies are used for authentication purposes and persistence of user data, all cookies valid for a page are sent from the browser to the server for every request to the same domain - this includes the original page request, any subsequent Ajax requests, all images, stylesheets, scripts, and fonts. 由於Cookie用於身份驗證和用戶數據持久化，因此針對同一域的每個請求都會將針對頁面有效的所有 cookie從瀏覽器發送到服務器-包括原始頁面請求，任何後續的Ajax請求，所有圖像，樣式表，腳本和字體。 For this reason, cookies should not be used to store large amounts of information. 因此，cookies不應用於存儲大量信息。 The browser may also impose limits on the size of information that can be stored in cookies. 瀏覽器還可能會限制可存儲在Cookie中的信息的大小。 Typically cookies are used to store identifying tokens for authentication, session, and advertising tracking. 通常，cookie用於存儲身份驗證令牌，以進行身份​​驗證，會話和廣告跟蹤。 The tokens are typically not human readable information in and of themselves, but encrypted identifiers linked to your application or database. 令牌本身通常不是人類可讀的信息，而是鏈接到您的應用程序或數據庫的加密標識符。

localStorage vs. sessionStorage vs. Cookies localStorage vs.sessionStorage vs.Cookie

In terms of capabilities, cookies, sessionStorage, and localStorage only allow you to store strings - it is possible to implicitly convert primitive values when setting (these will need to be converted back to use them as their type after reading) but not Objects or Arrays (it is possible to JSON serialise them to store them using the APIs). 就功能而言，Cookie，sessionStorage和localStorage僅允許您存儲字符串-設置時可以隱式轉換原始值（讀取後將這些原始值轉換回使用它們作爲它們的類型），但不允許對象或數組（可以將它們進行JSON序列化以使用API​​進行存儲）。 Session storage will generally allow you to store any primitives or objects supported by your Server Side language/framework. 會話存儲通常將允許您存儲服務器端語言/框架支持的任何原語或對象。

Client-side vs. Server-side 客戶端與服務器端

As HTTP is a stateless protocol - web applications have no way of identifying a user from previous visits on returning to the web site - session data usually relies on a cookie token to identify the user for repeat visits (although rarely URL parameters may be used for the same purpose). 由於HTTP是一種無狀態協議，Web應用程序無法從返回站點時的先前訪問中識別用戶-會話數據通常依賴於Cookie令牌來標識用戶以進行重複訪問（儘管很少有URL參數可用於相同的目的）。 Data will usually have a sliding expiry time (renewed each time the user visits), and depending on your server/framework data will either be stored in-process (meaning data will be lost if the web server crashes or is restarted) or externally in a state server or database. 數據通常會有一個到期時間（每次用戶訪問時都會更新），並且取決於服務器/框架，數據將存儲在進程內（這意味着數據將在Web服務器崩潰或重新啓動時丟失）或在外部存儲。狀態服務器或數據庫。 This is also necessary when using a web-farm (more than one server for a given website). 使用網絡農場（給定網站有多個服務器）時，這也是必要的。

As session data is completely controlled by your application (server side) it is the best place for anything sensitive or secure in nature. 由於會話數據完全由您的應用程序（服務器端）控制，因此它是任何敏感或安全性質的最佳場所。

The obvious disadvantage of server-side data is scalability - server resources are required for each user for the duration of the session, and that any data needed client side must be sent with each request. 服務器端數據的明顯缺點是可伸縮性-會話期間每個用戶都需要服務器資源，並且客戶端所需的任何數據都必須與每個請求一起發送。 As the server has no way of knowing if a user navigates to another site or closes their browser, session data must expire after a given time to avoid all server resources being taken up by abandoned sessions. 由於服務器無法知道用戶是導航到另一個站點還是關閉其瀏覽器，因此會話數據必須在給定時間後過期，以避免所有服務器資源被廢棄的會話佔用。 When using session data you should, therefore, be aware of the possibility that data will have expired and been lost, especially on pages with long forms. 因此，在使用會話數據時，您應該意識到數據可能已經過期並丟失的可能性，尤其是在長格式頁面上。 It will also be lost if the user deletes their cookies or switches browsers/devices. 如果用戶刪除其cookie或切換瀏覽器/設備，它也將丟失。

Some web frameworks/developers use hidden HTML inputs to persist data from one page of a form to another to avoid session expiration. 某些Web框架/開發人員使用隱藏的HTML輸入來將數據從表單的一個頁面持久保存到另一頁面，以避免會話過期。

localStorage, sessionStorage, and cookies are all subject to "same-origin" rules which means browsers should prevent access to the data except the domain that set the information to start with. localStorage，sessionStorage和Cookie均受“同源”規則的約束，這意味着瀏覽器應阻止訪問數據（除了設置信息開頭的域之外）。

For further reading on client storage technologies see Dive Into Html 5 . 有關客戶端存儲技術的更多信息，請參閱Dive Into Html 5 。

---

#3樓

These are properties of 'window' object in JavaScript, just like document is one of a property of window object which holds DOM objects. 這些是JavaScript中“窗口”對象的屬性，就像文檔是保存DOM對象的窗口對象的屬性之一一樣。

Session Storage property maintains a separate storage area for each given origin that's available for the duration of the page session ie as long as the browser is open, including page reloads and restores. 會話存儲屬性爲每個給定的來源維護一個單獨的存儲區域，該區域在頁面會話期間（即，只要瀏覽器處於打開狀態，包括頁面重新加載和還原）就可用。

Local Storage does the same thing, but persists even when the browser is closed and reopened. 本地存儲執行相同的操作，但是即使關閉並重新打開瀏覽器也可以保留。

You can set and retrieve stored data as follows: 您可以如下設置和檢索存儲的數據：

sessionStorage.setItem('key', 'value');

var data = sessionStorage.getItem('key');

Similarly for localStorage. 對於localStorage同樣。

---

#4樓

1. LocalStorage 本地存儲

   Pros : 優點 ：

   1. Web storage can be viewed simplistically as an improvement on cookies, providing much greater storage capacity. Web存儲可以簡單地視爲對Cookie的一種改進，從而提供了更大的存儲容量。 If you look at the Mozilla source code we can see that 5120KB ( 5MB which equals 2.5 Million chars on Chrome) is the default storage size for an entire domain. 如果您查看Mozilla的源代碼，我們可以看到5120KB （ 5MB ，在Chrome上等於250萬個字符 ）是整個域的默認存儲大小。 This gives you considerably more space to work with than a typical 4KB cookie. 與典型的4KB Cookie相比，這爲您提供了更多的處理空間。
   2. The data is not sent back to the server for every HTTP request (HTML, images, JavaScript, CSS, etc) - reducing the amount of traffic between client and server. 不會針對每個HTTP請求（HTML，圖像，JavaScript，CSS等）將數據發送回服務器，從而減少了客戶端與服務器之間的通信量。
   3. The data stored in localStorage persists until explicitly deleted. 存儲在localStorage中的數據將一直保留到明確刪除爲止。 Changes made are saved and available for all current and future visits to the site. 所做的更改將被保存，並可供當前和將來對該站點的所有訪問。

   Cons : 缺點 ：

   1. It works on same-origin policy . 它適用於同源策略 。 So, data stored will only be available on the same origin. 因此，存儲的數據僅在相同的來源可用。

2. Cookies 餅乾

   Pros: 優點：

   1. Compared to others, there's nothing AFAIK. 與其他人相比，沒有AFAIK。

   Cons: 缺點：

   1. The 4K limit is for the entire cookie, including name, value, expiry date etc. To support most browsers, keep the name under 4000 bytes, and the overall cookie size under 4093 bytes. 4K限制適用於整個cookie，包括名稱，值，有效期等。要支持大多數瀏覽器，請將該名稱保持在4000字節以下，並將cookie的整體大小保持在4093字節以下。

   2. The data is sent back to the server for every HTTP request (HTML, images, JavaScript, CSS, etc) - increasing the amount of traffic between client and server. 每個HTTP請求（HTML，圖像，JavaScript，CSS等）會將數據發送回服務器，從而增加了客戶端與服務器之間的通信量。

      Typically, the following are allowed: 通常，允許以下操作：

      • 300 cookies in total 總共300個 Cookie
      • 4096 bytes per cookie 每個Cookie 4096個字節
      • 20 cookies per domain 每個域20個Cookie
      • 81920 bytes per domain(Given 20 cookies of max size 4096 = 81920 bytes.) 每個域81920字節 （給出20個最大大小爲4096的cookie = 81920字節。）

3. sessionStorage sessionStorage

   Pros: 優點：

   1. It is similar to localStorage . 它類似於localStorage 。
   2. The data is not persistent ie data is only available per window (or tab in browsers like Chrome and Firefox). 數據不是持久性的，即，僅每個窗口（或Chrome和Firefox等瀏覽器中的標籤）提供數據。 Data is only available during the page session. 數據僅在頁面會話期間可用。 Changes made are saved and available for the current page, as well as future visits to the site on the same window. 所做的更改將被保存，並且可用於當前頁面以及將來在同一窗口上訪問該站點。 Once the window is closed, the storage is deleted. 關閉窗口後，將刪除存儲。

   Cons: 缺點：

   1. The data is available only inside the window/tab in which it was set. 數據僅在設置它的窗口/選項卡內可用。
   2. Like localStorage , it works on same-origin policy . 像localStorage一樣，它適用於同源策略 。 So, data stored will only be available on the same origin. 因此，存儲的數據僅在相同的來源可用。

Checkout across-tabs - how to facilitate easy communication between cross-origin browser tabs. 跨標籤簽出-如何簡化跨源瀏覽器標籤之間的交流。

---

#5樓

OK, LocalStorage as it's called it's local storage for your browsers, it can save up to 10MB , SessionStorage does the same, but as it's name saying, it's session based and will be deleted after closing your browser, also can save less than LocalStorage, like up to 5MB , but Cookies are very tiny data storing in your browser, that can save up 4KB and can be accessed through server or browser both... 好的， LocalStorage就是您瀏覽器的本地存儲，它可以節省多達10MB的空間 ， SessionStorage可以做到這一點，但是顧名思義，它是基於會話的，在關閉瀏覽器後將被刪除，還可以節省不到LocalStorage的費用，例如最大5MB ，但Cookies是瀏覽器中存儲的非常小的數據，最多可以節省4KB，並且可以通過服務器或瀏覽器訪問...

I also created the image below to show the differences at a glance: 我還創建了以下圖像，以一眼看出差異：

---

#6樓

The Web Storage API provides mechanisms by which browsers can securely store key/value pairs, in a much more intuitive fashion than using cookies. Web存儲API提供了一種機制，通過這種機制，瀏覽器可以比使用cookie更爲直觀的​​方式安全地存儲鍵/值對。 The Web Storage API extends the Window object with two new properties — Window.sessionStorage and Window.localStorage . Web Storage API用兩個新屬性擴展了Window對象Window.sessionStorage和Window.localStorage 。 — invoking one of these will create an instance of the Storage object, through which data items can be set, retrieved, and removed. —調用其中之一將創建Storage對象的實例，通過該實例可以設置，檢索和刪除數據項。 A different Storage object is used for the sessionStorage and localStorage for each origin (domain). 每個源（域）的sessionStorage和localStorage使用不同的Storage對象。

Storage objects are simple key-value stores, similar to objects, but they stay intact through page loads . 存儲對象是簡單的鍵值存儲，類似於對象， 但是它們在頁面加載時保持完整 。

localStorage.colorSetting = '#a4509b';
localStorage['colorSetting'] = '#a4509b';
localStorage.setItem('colorSetting', '#a4509b');

The keys and the values are always strings . 鍵和值始終是字符串 。 To store any type convert it to String and then store it. 要存儲任何類型， convert it to String ，然後存儲。 It's always recommended to use Storage interface methods. 始終建議使用Storage interface方法。

var testObject = { 'one': 1, 'two': 2, 'three': 3 };
// Put the object into storage
localStorage.setItem('testObject', JSON.stringify(testObject));
// Retrieve the object from storage
var retrievedObject = localStorage.getItem('testObject');
console.log('Converting String to Object: ', JSON.parse(retrievedObject));

The two mechanisms within Web Storage are as follows: Web存儲中的兩種機制如下：

• sessionStorage maintains a separate storage area for each given origin ^{Same-origin policy} that's available for the duration of the page session (as long as the browser is open, including page reloads and restores). sessionStorage爲每個給定的起源維護一個單獨的存儲區域。 ^同源策略在頁面會話持續時間內可用（只要打開瀏覽器，包括頁面重新加載和還原）。
• localStorage does the same thing, but persists even when the browser is closed and reopened. localStorage可以做同樣的事情，但是即使關閉並重新打開瀏覽器也可以保留。

Storage « Local storage writes the data to the disk, while session storage writes the data to the memory only. 存儲 « 本地存儲將數據寫入磁盤，而會話存儲僅將數據寫入內存。 Any data written to the session storage is purged when your app exits. 應用退出時，將清除寫入會話存儲的所有數據。

The maximum storage available is different per browser , but most browsers have implemented at least the w3c recommended maximum storage limit of 5MB . 每個瀏覽器可用的最大存儲量有所不同 ，但是大多數瀏覽器已實現w3c建議的至少5MB的最大存儲限制。

+----------------+--------+---------+-----------+--------+
|                | Chrome | Firefox | Safari    |  IE    |
+----------------+--------+---------+-----------+--------+
| LocalStorage   | 10MB   | 10MB    | 5MB       | 10MB   |
+----------------+--------+---------+-----------+--------+
| SessionStorage | 10MB   | 10MB    | Unlimited | 10MB   |
+----------------+--------+---------+-----------+--------+

Always catch LocalStorage security and quota exceeded errors 始終捕獲LocalStorage安全性和超出配額的錯誤

• QuotaExceededError : When storage limits exceeds on this function window.sessionStorage.setItem(key, value); QuotaExceededError ：當此函數上的存儲限制超出window.sessionStorage.setItem(key, value); , it throws a "QuotaExceededError" DOMException exception if the new value couldn't be set. ，如果無法設置新值，則會引發“ QuotaExceededError” DOMException異常。 (Setting could fail if, eg, the user has disabled storage for the site, or if the quota has been exceeded.) （例如，如果用戶已禁用站點存儲，或者超出了配額，設置可能會失敗。）

  DOMException. DOMException。 QUOTA_EXCEEDED_ERR is 22 , example fiddle . QUOTA_EXCEEDED_ERR是22 ，例如小提琴 。

• SecurityError : Uncaught SecurityError: Access to 'localStorage' is denied for this document . SecurityError ： Uncaught SecurityError: Access to 'localStorage' is denied for this document 。

   CHROME:-Privacy and security « Content settings « Cookies « Block third-party cookies. 

StorageEvent « The storage event is fired on a document's Window object when a storage area changes. StorageEvent «當存儲區域更改時，將在文檔的Window對象上觸發存儲事件。 When a user agent is to send a storage notification for a Document, the user agent must queue a task to fire an event named storage at the Document object's Window object, using StorageEvent. 當用戶代理要發送文檔的存儲通知時，該用戶代理必須使用StorageEvent在文檔對象的Window對象上排隊執行一個任務，以激發一個名爲storage的事件。

Note: For a real world example, see Web Storage Demo . 注意：有關真實示例，請參閱Web存儲演示 。 ^{check out the source code 查看源代碼}

Listen to the storage event on dom/Window to catch changes in the storage. 監聽dom / Window上的存儲事件以捕獲存儲中的更改。 fiddle . 擺弄 。

---

Cookies (web cookie, browser cookie) Cookies are data, stored in small text files as name-value pairs, on your computer. Cookies （網絡cookie，瀏覽器cookie） Cookies是數據，在計算機上以名稱/值對形式存儲在小的文本文件中。

JavaScript access using Document.cookie 使用Document.cookie的 JavaScript訪問

New cookies can also be created via JavaScript using the Document.cookie property, and if the HttpOnly flag is not set, existing cookies can be accessed from JavaScript as well. 也可以使用Document.cookie屬性通過JavaScript創建新的cookie，並且如果未設置HttpOnly標誌，則也可以從JavaScript訪問現有的cookie。

document.cookie = "yummy_cookie=choco"; 
document.cookie = "tasty_cookie=strawberry"; 
console.log(document.cookie); 
// logs "yummy_cookie=choco; tasty_cookie=strawberry"

Secure and HttpOnly cookies ^{HTTP State Management Mechanism} 安全和HttpOnly cookie ^{HTTP狀態管理機制}

Cookies are often used in web application to identify a user and their authenticated session Cookies通常在Web應用程序中用於標識用戶及其經過身份驗證的會話

When receiving an HTTP request, a server can send a Set-Cookie header with the response. 當接收到HTTP請求時，服務器可以發送帶有響應的Set-Cookie標頭。 The cookie is usually stored by the browser, and then the cookie is sent with requests made to the same server inside a Cookie HTTP header. Cookie通常由瀏覽器存儲，然後將Cookie與在HTTP HTTP標頭內向同一服務器發出的請求一起發送。

Set-Cookie: <cookie-name>=<cookie-value> 
Set-Cookie: <cookie-name>=<cookie-value>; Expires=<date>

Session cookies will get removed when the client is shut down. 客戶端關閉時， 會話cookie將被刪除。 They don't specify the Expires or Max-Age directives. 他們沒有指定Expires或Max-Age指令。

Set-Cookie: sessionid=38afes7a8; HttpOnly; Path=/

Permanent cookies expire at a specific date (Expires) or after a specific length of time (Max-Age). 永久性Cookie會在特定日期（Expires）或特定時間長度（Max-Age）之後過期。

Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure; HttpOnly

The Cookie HTTP request header contains stored HTTP cookies previously sent by the server with the Set-Cookie header. Cookie HTTP請求標頭包含先前由服務器通過Set-Cookie標頭髮送的存儲的HTTP cookie。 HTTP-only cookies aren't accessible via JavaScript through the Document.cookie property, the XMLHttpRequest and Request APIs to mitigate attacks against cross-site scripting (XSS). 僅HTTP的cookie不能通過JavaScript通過Document.cookie屬性，XMLHttpRequest和Request API進行訪問，以減輕針對跨站點腳本（XSS）的攻擊。

Cookies are mainly used for three purposes: Cookies主要用於三個目的：

• Session management « Logins, shopping carts, game scores, or anything else the server should remember 會話管理 «登錄名，購物車，遊戲得分或服務器應記住的其他任何內容
• Personalization « User preferences, themes, and other settings 個性化 «用戶首選項，主題和其他設置
• Tracking (Recording and analyzing user behavior) « Cookies have a domain associated to them. 跟蹤 （記錄和分析用戶行爲）«Cookies具有與之關聯的域。 If this domain is the same as the domain of the page you are on, the cookies is said to be a first-party cookie. 如果此域與您所在頁面的域相同，則該cookie被稱爲第一方cookie。 If the domain is different, it is said to be a third-party cookie. 如果域不同，則稱其爲第三方cookie。 While first-party cookies are sent only to the server setting them, a web page may contain images or other components stored on servers in other domains (like ad banners). 雖然第一方Cookie僅發送給設置它們的服務器，但網頁可能包含圖像或其他域中存儲在服務器上的其他組件（例如廣告橫幅）。 Cookies that are sent through these third-party components are called third-party cookies and are mainly used for advertising and tracking across the web. 通過這些第三方組件發送的Cookie被稱爲第三方Cookie，主要用於在網絡上進行廣告和跟蹤。

Cookies were invented to solve the problem "how to remember information about the user": 發明了Cookies來解決“如何記住有關用戶的信息”的問題：

• When a user visits a web page, his name can be stored in a cookie. 當用戶訪問網頁時，其名稱可以存儲在cookie中。
• Next time the user visits the page, cookies belonging to the page is added to the request. 下次用戶訪問該頁面時，屬於該頁面的cookie將添加到請求中。 This way the server gets the necessary data to "remember" information about users. 這樣，服務器將獲得必要的數據以“記住”有關用戶的信息。

GitHubGist Example GitHubGist 示例

---

As summary, 作爲總結，

• localStorage persists over different tabs or windows, and even if we close the browser, accordingly with the domain security policy and user choices about quota limit. localStorage會保留在不同的選項卡或窗口中，即使我們關閉瀏覽器，也會相應地使用域安全策略和用戶對配額限制的選擇。
• sessionStorage object does not persist if we close the tab (top-level browsing context) as it does not exists if we surf via another tab or window. 如果關閉選項卡（頂級瀏覽上下文），則sessionStorage對象不會持久，因爲如果通過另一個選項卡或窗口進行瀏覽，則該對象將不存在。
• Web Storage (session, local) allows us to save a large amount of key/value pairs and lots of text, something impossible to do via cookie. Web存儲（會話，本地）允許我們保存大量的鍵/值對和大量文本，而這是無法通過Cookie進行的。
• Cookies that are used for sensitive actions should have a short lifetime only. 用於敏感操作的Cookie的壽命應僅較短。
• Cookies mainly used for advertising and tracking across the web. Cookies主要用於在網絡上進行廣告和跟蹤。 See for example the types of cookies used by Google . 例如，請參閱Google使用的Cookie的類型 。
• Cookies are sent with every request, so they can worsen performance (especially for mobile data connections). Cookie隨每個請求一起發送，因此它們可能會降低性能（尤其是對於移動數據連接而言）。 Modern APIs for client storage are the Web storage API (localStorage and sessionStorage) and IndexedDB. 用於客戶端存儲的現代API是Web存儲API（localStorage和sessionStorage）和IndexedDB。