Local Storage vs. Cookies for session data?


#1

So I put together my first authentication / authorization system using Ember.js with a Rails backend. Whoa, that was freaking rough. Anyways, my question is: what are the benefits of using cookies over the local storage adapter?

I’m using CORS, in which case both approaches are vulnerable to something like an XSS attack, seeing as both can easily be accessed by JavaScript.

My current setup keeps an authentication token in local storage indefinitely (or until the user logs out / clears local data). This way it can be grabbed if a user refreshes or closes their browser. I’m aware of the vulnerability on shared computers, but for now it’s quite functional and I would be using a permanent cookie anyways.

What is the community’s opinion on this? What are the cons of local storage?