Any opinions on this article? https://www.rdegges.com/2018/please-stop-using-local-storage/

It’s a balance. I do cookie storage for pretty much everything on web apps but local storage does have a place

yeah, it seems that secure cookies are much better. I have not gone through coding them yet.

Very easy to implement

ok good

I think someone wrote a small lib to make it even easier, too.

react-cookie

or

react-cookies

, I believe

yeah I took a quick look at react-cookie

if you're using cookies then make them http only and don't use them from js

yes, I've read about that. I just don't have my head fully around how to implement this.

Here’s a decent article: https://scotch.io/@PratyushB/local-storage-vs-session-storage-vs-cookie

ok, cool thanks. 🙂

like if you use them from js you can also just use localstorage

I agree with @harmony though. Server side implementation is a much safer and better way. I shared those articles more for context 😄

yeah, my understanding is that it has to come from the server.

I’m not sure. I’ve never used it or read any docs on it

ok

With the advent of CSP, this debate really is moot. Spend several hours learning it and build solid content security policy... Then let the browsers handle XSS. If I'm worried about third party JS being hacked, then I either have the wrong partners or I should self host the file.

imo you should always self host