As you can see, the Index() action method receives a FormCollection. The hidden field data is then
retrieved and converted into a .NET dictionary using the Json.NET library as before. Once you have the
.NET dictionary ready, you can easily store the survey results in the database just like the SaveResults()
action method discussed earlier.
Security Considerations for Web Storage
When you're using web storage, it's important to be aware of some security aspects. Web storage isn't
intended to store sensitive, secret data. So, you should never store sensitive information such as
passwords, credit card numbers, Social Security numbers, and so on in web storage.
A browser allocates the same storage space to all the data that comes from the same origin. An origin
means a combination of the scheme/host/port of the web site you're accessing. For example,
http://www.domain1.com and http://blog.domain1.com are treated as two different origins by web storage.
Along the same lines, http://www.domain1.com and https://www.domain1.com are also considered two
different web sites. This way, malicious code can't trick web storage into storing a dangerously huge
amount of data. This same-origin policy also prevents malicious scripts from using random subdomains to
store unrestricted amounts of data.
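The following sketch models the per-origin partitioning described above. It is an added example, not code from the book: the OriginStorageModel class, the demoIsolation() function, and the quota value are assumptions made for illustration, and only the standard URL API is used to derive the origin.

```javascript
// Added illustration: a toy model of per-origin web storage partitioning.
// OriginStorageModel and the 5,000,000-character quota are assumptions.
class OriginStorageModel {
  constructor(quota = 5000000) {
    this.quota = quota;
    this.areas = new Map(); // origin -> Map of string keys to string values
  }

  // Origin = scheme + host + port; path, query and fragment play no part.
  static originOf(pageUrl) {
    return new URL(pageUrl).origin;
  }

  areaFor(pageUrl) {
    const origin = OriginStorageModel.originOf(pageUrl);
    if (!this.areas.has(origin)) this.areas.set(origin, new Map());
    return this.areas.get(origin);
  }

  setItem(pageUrl, key, value) {
    const area = this.areaFor(pageUrl);
    const k = String(key), v = String(value); // web storage holds strings only
    let used = k.length + v.length;
    for (const [ek, ev] of area) if (ek !== k) used += ek.length + ev.length;
    if (used > this.quota) {
      throw new Error("quota exceeded for " + OriginStorageModel.originOf(pageUrl));
    }
    area.set(k, v);
  }

  getItem(pageUrl, key) {
    const value = this.areaFor(pageUrl).get(String(key));
    return value === undefined ? null : value;
  }
}

// Constructed sample: one page writes, pages on other URLs try to read.
function demoIsolation() {
  const store = new OriginStorageModel();
  store.setItem("http://www.domain1.com/survey", "q1", "yes");
  const readers = ["http://www.domain1.com/results?id=7", "http://www.domain1.com:80/",
    "http://blog.domain1.com/", "https://www.domain1.com/", "http://www.domain1.com:8080/"];
  return readers.map((url) => [OriginStorageModel.originOf(url), store.getItem(url, "q1")]);
}

console.log(demoIsolation());
```

Only the first two readers see the stored value: a different path or an explicit default port leaves the origin unchanged, while a different subdomain, scheme, or port produces a separate storage area.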
As mentioned, web storage allocates storage spaces on a per-origin basis. However, someone could
use DNS spoofing and pretend that access is being attempted by an authentic domain. This way, the browser
might grant malicious code access to that domain's storage area. To prevent such attacks, you can use
Secure Sockets Layer (SSL). Once SSL is in place, users can rest assured that the site they're visiting is from
the authentic domain, and the browser will allocate the same storage space to all pages originating from
that domain.
Summary
Web storage allows you to store data on the client machine. It doesn't suffer from the limitations of cookies
and allows a reasonable amount of data to be stored on the client machine. The two objects
sessionStorage and localStorage store key-value pairs of string data. sessionStorage can store data only
for the current browser session, whereas localStorage can store data across browser sessions.
Web storage isn't transmitted to the server automatically with each request. You need to devise a
programmatic approach such as Ajax calls or hidden form fields to send web storage data to the server.
Web storage deals with data that is used in a live web application. The next chapter delves into
another feature—offline applications—that lets you work with your web applications offline.
 