Save data on the client side

configuration

#1

Hi all,

I come from using other technologies and I do not know if in the play framework it is possible to store local data on the client side. For example, you can use cookies but I do not know if there are more alternatives and I can not find documentation about cookies in play framework on the web.

The idea of storing local data is for example to load some data that the user has already used (accounts with which he has logged in, …) or for temporary saving data to prevent loss of data if something fails.

Thanks

Regards


(Marcos Pereira) #2

Hey @fabian,

Client-side data storage is done entirely on the client side, using JavaScript and client-side APIs. This is why you won’t find any information about this on our docs. See the following article to understand better how it works:

If you are feeling adventurous, see also Service Workers and Progressive Web Apps. But again, they are both out of the scope of what Play offers.

Best.


#3

Thank you very much again for responding. There are many things that integrated in a correct way make the application is much above the others in certain aspects.

About localStorage and SessionStorage I have read different articles that say they are insecure and should not be used as for example to store access credentials to the web for a direct access after a first login.

These articles were a bit old and I do not know if they are still insecure or if there are other techniques to store this data safely.

IndexedDB seems very powerful to store more complex data.

Can storing the data with these techniques on the client side be dangerous in terms of security? For example If sensitive information is stored as passwords to access the web (login)

Regards


(Patrick Li) #4

I do not think storing sensitive information such as passwords on the client side would be a good idea generally. But other kind of data would be ok, such as a list of accounts the user has access to (assuming you do not include account passwords, etc… there). As @marcospereira suggested, there are many client side technologies you can use. We use React + Redux to keep state data (non-sensitive) on the client side, so users do not have to hit the backend for data they already have retrieved. But again, these are all non-Play related technologies.