IndexedDB vs Cookie Security

2

7

As you know, IndexedDB and cookies are both used for persistent storage in the web browser.

Cookie-related security tasks have some aspects, which are Session Fixation or Session Hijacking. Attackers often use the below methods to achieve these.

I've been doing some research about IndexedDB security. However, there are not so many documents about this stuff.

My questions are:

  • When I use IndexedDB instead of cookies, will I face the same security tasks? Why?
  • How can I make IndexedDB more secure?
Embraceor answered 15/2, 2015 at 8:24 Comment(0)
1

When I use IndexedDB instead of cookies, will I face the same security tasks? Why?

Consider that a cookie is sent to the server with the request whereas IndexedDB is only read once a page has loaded.

If you DO find some resources where people more knowledgeable than me have discussed the issues you raise please respond with them here.

Stirps answered 18/2, 2015 at 22:38 Comment(0)
1

One key disadvantage of IndexedDB (and any other client side storage) is that you can set httpOnly on a cookie and it'll only be sent in requests (not accessible to JavaScript with document.cookie).

With any client accessible storage (including cookies without httpOnly) you can be vulnerable to malicious JS on your page (XSS) stealing them (up to you and your threat model whether you're concerned about malicious JS).

Ked answered 7/10, 2022 at 0:8 Comment(0)
