如何为多个用户处理localStorage？ [英] How to deal with localStorage for multiple users?

问题描述

如果您想在 localStorage 中存储依赖于用户的数据（例如，因为多个用户可以为您的网站使用相同的浏览器），您通常如何处理在这种情况下？

In the event that you want to store user-dependent data in localStorage (e.g. because multiple users can use the same browser for your site), how do you typically deal with this scenario?

让我们想象一下，我能够识别出一个类似于唯一 userId 的用户前端方面。我可能会做类似以下的事情：

Let's imagine that I am able to identify the user with something like a unique userId on the front-end side. I would probably do something like the following:

// retrieve the data
data = JSON.parse( window.localStorage.getItem( userId ) ) || {};

// persist the data
window.localStorage.setItem( userId, JSON.stringify( data ) );

这是一种天真的做事方式吗？

Is this a naive way of doing things?

编辑：
根据@MДΓΓБДL及其他评论稍加考虑之后，让我们假设数据是敏感的。在这种情况下，上面的例子确实是天真的。在这种情况下如何处理敏感数据的任何想法？或许是答案：不要这样做，把它保存在后端？

After giving it a little bit more thought as per @MДΓΓ БДL and other comments, let's assume the data is sensitive. In that case the above example indeed is naive. Any ideas on how to deal with sensitive data in this case? Or is the answer perhaps: don't do it, save it on the back-end?

推荐答案

敏感数据应该相当多永远不会存储在客户端上。除非您能保证计算机的物理安全性和/或保证该计算机上的登录用户只能使用计算机（两者通常都不正确），否则不要将敏感信息存储在计算机上客户端，如果你可以避免它。

Sensitive data should pretty much never be stored on the client. Unless you can guarantee the physical security of the computer and/or guarantee that the logged in user on that computer will only ever be the one using the computer (both of which are usually NOT true), then don't store sensitive information on the client if you can avoid it.

将敏感信息存储在服务器上并在向浏览器提供该信息之前需要适当的登录凭据要安全得多。然后，您可以控制服务器上数据的物理安全性，并防止任何用户访问不属于他们的数据。此外，您可以使用SSL保护它在飞行中。

It is much, much, much safer to store sensitive information on the server and require appropriate login credentials before providing that information to a browser. You can then control the physical security of the data on your server and prevent any users from accessing data that isn't theirs. Further, you can protect it in-flight with SSL.

如果您真的想在本地存储一些仅供一个用户和一台计算机以及一个浏览器使用的内容在计算机上，您可以提示输入密码并使用该密码加密/解密存储在本地存储中的数据。除了临时离线活动之外，我目前还不确定为什么这会比将其存储在服务器上更好的用户体验，无论用户如何访问互联网，都可以使用该服务器。在移动访问，平板电脑访问，笔记本电脑访问等方面......似乎趋势更多的是将内容存储在云中，以便给定用户可以通过他们可能使用的任何互联网访问方式访问他们的数据而不是要求他们使用完全相同的计算机。

If you really want to store something locally that is only available to one user and one computer and one browser on that computer, you could prompt for a password and use that password to encrypt/decrypt data that was stored in local storage. Except for a temporary off-line activity, I'm currently unsure why that would be a better user experience than storing it on a server where it can be available to that user no matter how they access the internet. In these days of mobile access, tablet access, laptop access, etc... it seems that the trend is more to store stuff in the cloud so a given user can get access to their data via any internet access means they might use rather than requiring them to use the exact same computer.

这篇关于如何为多个用户处理localStorage？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！