I'm working on a React project where I need to store logged-in user information, such as their name, avatar, user_id, and more, on the client side. I'm looking for advice on the best practices and techniques for achieving this securely and efficiently. Additionally, I'm curious to know how larger platforms like Twitter and Facebook handle this aspect. Any insights or recommendations would be greatly appreciated. Thank you!

What I have tried:

I've been researching different approaches to store user information on the client side in my React application. I've considered using browser storage options like localStorage and sessionStorage, as well as exploring state management libraries like Redux. I've also looked into JSON Web Tokens (JWT) for authentication.

I was hoping to find clear guidelines or best practices for securely storing user information on the client side, ensuring data privacy and integrity. Additionally, I'm curious about any patterns or strategies that tech giants like Twitter and Facebook might employ in this context. It would be great to gain insights from the community on the most effective and efficient methods for handling user data on the client side within a React application.
Updated 19-Aug-23 10:08am

1 solution

Storing anything like that client side means cookies - and that means two things:
1) You need to get permission first, just like every other site that won't shut up until you let them store cookies on your machine.
2) It's not particularly secure, though you can use Secure cookies, which improve it a little; any form of "local storage" is intrinsically less secure than a system where such info never leaves the server.

Most sites don't store personal info on the client: they store it on the server and store a key value on the client which allows them to access the user info on the server when needed - in your case, the user_id is probably the best choice.

Remember, all personal info is covered by GDPR, and the fines for taking insufficient care can be staggeringly huge!
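
The pattern described in the answer above (profile data kept on the server, only a key on the client), as an added example that is not part of the original answer or any site's actual code. It assumes the key is an opaque random session ID rather than the raw user_id, since a sequential ID is guessable; the `sid` cookie name, the `/api/me` route, the in-memory Maps and the sample user are constructed for illustration.

```javascript
// Added example: server-side session store keyed by an opaque cookie value.
const { randomBytes } = require('node:crypto');

const SESSION_TTL_MS = 30 * 60 * 1000;  // assumed 30-minute lifetime
const sessions = new Map();              // sessionId -> { userId, expires }
// Constructed sample data standing in for the real user table.
const users = new Map([[42, { name: 'Ada', avatar: '/img/ada.png' }]]);

// Called after a successful login: returns the Set-Cookie header value.
function createSession(userId, now = Date.now()) {
  const sid = randomBytes(32).toString('hex');  // 256-bit unguessable id
  sessions.set(sid, { userId, expires: now + SESSION_TTL_MS });
  // HttpOnly: page script cannot read it. Secure: sent over HTTPS only.
  // SameSite=Lax: not attached to most cross-site requests.
  return `sid=${sid}; Max-Age=${SESSION_TTL_MS / 1000}; Path=/; ` +
         'HttpOnly; Secure; SameSite=Lax';
}

// Extracts the sid value from a request's Cookie header, or null.
function readSid(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === 'sid') return rest.join('=');
  }
  return null;
}

// What a hypothetical GET /api/me handler would send to the React app.
function currentUser(cookieHeader, now = Date.now()) {
  const sid = readSid(cookieHeader);
  const session = sid ? sessions.get(sid) : undefined;
  if (!session) return null;             // unknown or forged id
  if (session.expires <= now) {          // expired: forget it server-side
    sessions.delete(sid);
    return null;
  }
  const profile = users.get(session.userId);
  return profile ? { userId: session.userId, ...profile } : null;
}

// Logout: invalidates the session on the server, not just in the browser.
function destroySession(cookieHeader) {
  const sid = readSid(cookieHeader);
  return sid ? sessions.delete(sid) : false;
}
```

A React component would request `/api/me` with `fetch` and keep the returned profile in component state; because the cookie is HttpOnly, script running in the page never sees the session ID.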

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


