Storing Credentials in Local Storage

Question

Could I securely use local storage instead of cookies to store session credentials?

Would I need to store an encrypted hash??

EDIT: Would this be secure eno

Answer 1

You server shall generate some token - unique (for the server) piece of data that cannot be used to discover username/password. Only that token can be stored on user's machine in any form. Neither localStorage nor cookie are secure. So the same rules applied to them in this respect.

You should have some means to expire such token otherwise once stolen such token can be used instead of real credentials.