Storing Credentials in Local Storage

Question

Could I securely use local storage instead of cookies to store session credentials?

Would I need to store an encrypted hash??

EDIT: Would this be secure eno

Answer 1

If you're going to use localStorage instead of cookies, you can make things more secure than cookies. That's because you don't need to send a session id to the server with each request, making it a bearer token. Instead, you can store a user secret on the client side in localStorage, and use it to sign your requests in addition to the corresponding public key being sent down and used as the session id. This way, no one on the server side or proxy can fake your requests.