Fork me on GitHub

Local storage has a risk of XSS. A better option is to use cookies but you need to set the httpOnly flag, send over SSL and only to the same site you served the client application from. That scenario may or may not be a situation you're deployment supports .

👍 4

FWIW this post seems to disagree that it's more secure.