Web Storage API
The simplest client-side persistence. Used everywhere for auth tokens, user preferences, feature flags, and cross-tab state. Know the 5 MB limit, synchronous blocking, and origin scoping rules.
What It Defines
Defines localStorage and sessionStorage: synchronous key-value stores scoped to origin. localStorage persists across sessions, sessionStorage is per-tab. Also defines the StorageEvent for cross-tab communication.
Canonical (Normative)
Convenient (Practical)
Maintains the living standards for the web platform: HTML, DOM, Fetch, URL, Streams, and more. These are continuously updated living documents, not versioned snapshots.
Related Specs
The spec behind every HTML page, form, and browser API. The canonical reference for how browsers actually parse and process HTML.
The only serious client-side database in browsers. Required for offline-first apps, large dataset caching, and any storage that outgrows localStorage's 5 MB or needs indexed queries.
Sessions, auth tokens, tracking, and CSRF defenses all run through cookies. Know SameSite, Secure, HttpOnly, and domain scoping to avoid security bugs.