Alternative to HTTP Cookies?

One of the fundamental principles of REST, and I mean real REST, is not to store state on the server. If there is no state on the server, then there is no need for a cookie to be used as a key to look that state up.


You need secure cookies with cookie prefixes. Cookie prefixes __Secure-* and __Host-* secure your cookies by ensuring that they are only set by and sent over secure connections, preventing cookie sniffing and man-in-the-middle attacks.

For additional security you could force your users to only log in from a whitelist of specific IP addresses.
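
To make the prefix rules mentioned in the answer above concrete, here is an added example (not part of the original answer) that checks a Set-Cookie header value against the conditions browsers enforce for `__Secure-` and `__Host-` names. The function names, the `originIsHttps` parameter and the sample headers are constructed for illustration.

```javascript
// Added example: validate a Set-Cookie value against cookie-prefix rules.
// parseSetCookie / checkCookiePrefix are hypothetical helper names.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(";");
  const eq = pair.indexOf("=");
  const name = (eq === -1 ? "" : pair.slice(0, eq)).trim();
  const attrs = new Map();
  for (const part of attrParts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    const value = i === -1 ? "" : part.slice(i + 1).trim();
    if (key) attrs.set(key, value); // a repeated attribute: the last one wins
  }
  return { name, attrs };
}

// originIsHttps: whether the response carrying the header came over HTTPS
// (cannot be derived from the header itself, so the caller supplies it).
function checkCookiePrefix(header, originIsHttps = true) {
  const { name, attrs } = parseSetCookie(header);
  const isHost = name.startsWith("__Host-");
  const isSecure = name.startsWith("__Secure-");
  const problems = [];
  if (!isHost && !isSecure) return { name, prefixed: false, problems };
  if (!originIsHttps) problems.push("prefixed cookie set from a non-HTTPS origin");
  if (!attrs.has("secure")) problems.push("missing Secure attribute");
  if (isHost) {
    // __Host- additionally pins the cookie to the exact host and whole site.
    if (attrs.has("domain")) problems.push("__Host- cookie must not set Domain");
    if (attrs.get("path") !== "/") problems.push("__Host- cookie must set Path=/");
  }
  return { name, prefixed: true, problems };
}

// Constructed sample headers, not taken from any real site.
const samples = [
  "__Host-session=abc123; Secure; HttpOnly; Path=/; SameSite=Lax",
  "__Host-session=abc123; Secure; Path=/; Domain=example.com",
  "__Secure-id=1; Path=/account",
  "theme=dark; Path=/",
];
for (const s of samples) {
  const r = checkCookiePrefix(s);
  const verdict = r.problems.length ? "REJECTED: " + r.problems.join("; ") : "ok";
  console.log(`${r.name} -> ${r.prefixed ? verdict : "no prefix, no extra rules"}`);
}
```

A cookie that fails any of these conditions is dropped by browsers that implement prefixes, so a check like this is useful in tests that inspect your application's response headers.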


There are MANY (2021 updated):

I believe the information in this resource from Google and/or this link will help you to find alternatives for saving information on the client-side.

Basically... there are currently 4 different ways to store data on client-side without using cookies:

  1. Local Storage (Session and Local key/value pairs)
  2. Web SQL (my favorite, it's a whole SQL Database, and it's NOT obsolete)
  3. IndexedDB (another Database with different structure and acceptance)
  4. Service Workers (Persistent background processing, even while offline, can asynchronously save files and many other things)

I believe that for your specific need the Local Storage pairs are the easiest solution.
