They say Cookies are bad. I personally believe there should be a "smarter" way to detect the state of a user on a web app.
Say, currently this is how it works i
You need secure cookies with cookie prefixes. Cookie prefixes __Secure-* and __Host-* secure your cookies by ensuring that they are only set by and sent over secure connections, preventing cookie sniffing and man-in-the-middle attacks.
For additional security you could force your users to only log in from a whitelist of specific IP addresses.
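The prefix rules mentioned in the answer above, as an added example that is not part of the original posts: a small checker for `Set-Cookie` header values. The specific requirements it tests (`Secure` for both prefixes; `Path=/` and no `Domain` for `__Host-`) come from the cookie-prefix specification rather than from this page, and the function name and sample headers are constructed for illustration.

```javascript
// Check a Set-Cookie header value against the cookie-prefix rules that
// browsers enforce. Returns a list of violations; an empty list means the
// prefix requirements are met (or the cookie carries no prefix).
// checkCookiePrefix is a hypothetical helper name, not a library API.
function checkCookiePrefix(setCookie, fromHttps = true) {
  const [pair, ...attrParts] = setCookie.split(";");
  const name = pair.split("=")[0].trim().toLowerCase();

  // Collect attributes into a map keyed by lower-cased attribute name.
  const attrs = new Map();
  for (const part of attrParts) {
    const eq = part.indexOf("=");
    const key = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? "" : part.slice(eq + 1).trim();
    if (key) attrs.set(key, value);
  }

  const problems = [];
  const isSecure = name.startsWith("__secure-"); // compared case-insensitively here
  const isHost = name.startsWith("__host-");
  if (!isSecure && !isHost) return problems;

  // Both prefixes: must be set from a secure origin with the Secure attribute.
  if (!fromHttps) problems.push("prefixed cookie set from a non-HTTPS origin");
  if (!attrs.has("secure")) problems.push("missing Secure attribute");

  // __Host- additionally pins the cookie to the exact host and the root path.
  if (isHost) {
    if (attrs.has("domain")) problems.push("__Host- must not have Domain");
    if (attrs.get("path") !== "/") problems.push("__Host- requires Path=/");
  }
  return problems;
}

// Constructed sample headers: one valid, three that a browser would reject.
const SAMPLES = [
  "__Host-sid=abc; Secure; Path=/; HttpOnly; SameSite=Lax",
  "__Host-sid=abc; Secure; Path=/app; Domain=example.com",
  "__Secure-sid=abc; Path=/",
  "__Secure-sid=abc; Secure",
];
SAMPLES.forEach((header, i) => {
  const fromHttps = i !== 3; // the last sample simulates a plain-HTTP response
  const problems = checkCookiePrefix(header, fromHttps);
  console.log(header, "=>", problems.length ? problems.join("; ") : "ok");
});
```

A check like this fits in a response-header test, so a cookie that browsers would silently drop is caught before deployment.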
One of the fundamental principles of REST, and I mean real REST, is not to store state on the server; if there is no state on the server, then there is no need for a cookie to be used as a key to look that state up.
I believe the information in this resource from Google and/or this link will help you to find alternatives for saving information on the client-side.
Basically... there are 4 different ways to store data on client-side without using cookies:
I believe that for your specific need the Web Storage Local pairs are the right solution.