Scope of sessionStorage and localStorage

A

2

117

I read some documentation on sessionStorage and localStorage, but I don't understand what the scope is: the domain, a specific page?

For example, if I have the following pages:

http://example.com/products.aspx?productID=1

http://example.com/products.aspx?productID=2

http://example.com/services.aspx?serviceID=3

And if on each of the above pages I run (with idvalue being the value in the querystring):

localStorage.setItem('ID',idvalue);

Am I going to end up with 3 different values stored, or are the values going to overwrite each other?

Aerobe answered 16/3, 2012 at 18:8 Comment(0)

R

105

The values are going to overwrite each other. Each key-name pair is unique for a protocol and domain, regardless of the paths.

The affected domain can be changed via the document.domain property.

sub.example.com -> example.com is possible (subdomain)
sub.example.com -> other.example.com is not possible

References:

MDN: Web Storage API: "sessionStorage maintains a separate storage area for each given origin [...]"
MDN: Origin: "Two objects have the same origin only when the scheme, hostname, and port all match."

Revolution answered 16/3, 2012 at 18:11 Comment(6)

Thanks! Would you have a reference to recommend, that explains localStorage in detail? – Aerobe 16/3, 2012 at 18:27

@Aerobe MDN: Storage and W3c: Web Storage. – Revolution 16/3, 2012 at 18:30

well, even after reading the MDN page I still can't find the answer to my question... Anyway, thanks again! – Aerobe 16/3, 2012 at 18:37

@Aerobe I have verified my statements a while back by viewing the sqlite(3) database called webappsstore.sqlite in my Firefox profile directory, using query SELECT scope FROM webappsstore2;. The result is the reverse of the domain, followed by the non-reversed protocol, and sufficed with the port, eg: gro.allizom.snodda.secivres.:https:443. As you can see, there's no mention of any path. – Revolution 16/3, 2012 at 18:44

Here's documentation of the document.domain API mentioned: html.spec.whatwg.org/multipage/… – Claman 10/2, 2017 at 15:40

The MDN: Web Storage API doc does now specify: "sessionStorage maintains a separate storage area for each given origin [...]", where the "origin" is as defined here: MDN: Origin - i.e. sessionStorage and localStorage are partitioned by scheme + hostname + port – Claman 26/5, 2023 at 15:3

M

165

Session Storage:

Values persist only as long as the window or tab in which they stored.
Values are only visible within the window or tab that created them.

Local Storage:

Values persist window and browser lifetimes.
Values are shared across every window or tab running at the same origin.

So, by reading and understanding this each key-value pair is unique for each domain, because local storage persist values across window or tab.

Moselle answered 20/3, 2012 at 10:27 Comment(3)

Thanks. Could you share the link to this reference? – Aerobe 20/3, 2012 at 15:33

Link above is now Defunct this is another great resource: sitepoint.com/an-overview-of-the-web-storage-api – Armandarmanda 26/12, 2013 at 20:21

The conclusion may be correct, but not the reasoning. Even if the storage were per-page, it could still persist across windows/tabs. – Wallywalnut 18/7, 2015 at 20:25

R

105