Sensitive data stored in HTML local storage detected.
- Rule ID: javascript_session
- Languages: javascript
- Source: session.yml
Description
Sensitive data should not be stored in a localStorage session. This policy looks for any sensitive data stored within localStorage.
Remediations
It's best to avoid storing sensitive data in localStorage whenever possible. To keep session data safe, use a server-based session storage solution instead.
❌ If you do need to store data in localStorage, avoid including sensitive data:
localStorage.setItem('user', email)
✅ Instead, use a unique identifier:
localStorage.setItem('user', user.uuid)
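The remediation above as a runnable check. This is an added example, not code from the rule itself: it audits a storage object for values that look like e-mail addresses and shows a wrapper that refuses to write them. `MemoryStorage`, `looksSensitive`, `safeSetItem` and `auditStorage` are hypothetical names, and "sensitive" is assumed to mean e-mail addresses only.

```javascript
// Constructed in-memory stand-in for window.localStorage so this runs outside a browser.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  get length() { return this.items.size; }
  key(i) { return [...this.items.keys()][i] ?? null; }
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; }
  setItem(k, v) { this.items.set(String(k), String(v)); }
}

// Assumption: "sensitive" is narrowed to e-mail addresses, the case shown above.
// Unanchored, so it also catches an address inside a JSON-serialized object.
const EMAIL_RE = /[^\s@"']+@[^\s@"']+\.[^\s@"']+/;
const looksSensitive = (value) => EMAIL_RE.test(String(value));

// Hypothetical wrapper: refuse to persist a value that looks sensitive.
function safeSetItem(storage, key, value) {
  if (looksSensitive(value)) {
    throw new Error(`refusing to store sensitive value under "${key}"`);
  }
  storage.setItem(key, value);
}

// Hypothetical audit: return the keys whose stored values look sensitive.
function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    if (looksSensitive(storage.getItem(key))) findings.push(key);
  }
  return findings;
}

// Constructed sample data; the uuid and address are made up.
function demo() {
  const storage = new MemoryStorage();
  const user = { uuid: '3f2b8c1e-7d4a-4c9b-a1e6-5b0d9f2c7a10', email: 'alice@example.com' };
  storage.setItem('user', user.email);              // pattern the rule flags
  storage.setItem('profile', JSON.stringify(user)); // same leak, serialized
  const before = auditStorage(storage);
  storage.setItem('user', user.uuid);               // remediation: opaque identifier
  storage.setItem('profile', JSON.stringify({ uuid: user.uuid }));
  let blocked = false;
  try { safeSetItem(storage, 'user', user.email); } catch (e) { blocked = true; }
  return { before, after: auditStorage(storage), blocked, stored: storage.getItem('user') };
}
```

In a browser, pass `window.localStorage` to `auditStorage` and `safeSetItem` in place of the stand-in.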