> True. The articles I read however argued that in general cookies are still > more secure and a better choice for security info since, unlike local storage, > you can and should set HttpOnly and thereby at least prevent the Javascript > XSS vectors. That is about the saddest thing I've read in a while. -- Scott