What is the difference between cookies, local storage, and session storage?

What is the difference between cookies, local storage, and session storage?

7 months ago
João Bruno Soares
10 minutes

While internet cookies, commonly referred to as just "cookies," are widely recognized today, some companies also use Local Storage and Session Storage as other methods used by programmers to store persistent information in a visitor's browser. However, what's the main difference between cookies and local storage, and why choose one over the other? This article will help you with these questions!

As mentioned earlier, Cookies, Local Storage, and Session Storage are methods used through programming languages to store information in a website visitor's browser.

In other words, they store information in your browser about your access and how you navigate the website. Many of these have been used maliciously, even capable of storing all the information entered in text fields in forms, for example.

Relax, cookies and local storage aren't synonymous with invasion of privacy.

Few people know that cookies were originally developed by hackers to capture people's data on the internet. Later, this technology gained a commercial purpose and is now widely used across the web.

Before you get alarmed or want to reject all internet cookies and storage, remember, they make your life much easier.

Thanks to them, your products stay in the shopping cart when you switch tabs or go back to the store to add more items.

They keep a pre-filled form in case there's a connection glitch, preventing you from starting over.

And they also welcome you by recognizing your previous access, without needing to log in to your account hundreds of times a day.

What are the Key Differences Between Cookies, Local Storage, and Session Storage?

Now that we've discussed the similarities, let's delve into the differences using three main criteria: storage capacity, storage location, data persistence, and performance.

- Storage Capacity

This capacity usually varies between browsers. In general, cookies can store up to 4096 bytes or 4KB, while Local Storage can handle 5MB, and Session Storage ranges from 5MB to 10MB.

Moreover, there's a maximum limit on the number of cookies per domain, and it's not recommended to exceed 30 cookies.

Some browsers, such as Opera, will prompt the user to allow more data usage when this limit is reached.

- Storage Location

Cookie information is stored in both the browser and the originating server of the referenced service.

Local Storage and Session Storage use only the browser as the storage location for data.

- Data Persistence

Data persistence refers to HOW and WHEN the stored information is deleted, erased, or invalidated.


Cookies have an expiration date, causing the stored information to become invalid and outdated when that date is reached. However, whenever a visitor deletes cookies from a website, that information is also removed from the browser.

Some browsers automatically clear cookies periodically, and you can usually configure this in settings.

Learn how to clear cookies and browser cache.

Today, due to privacy regulations like LGPD, GDPR, and CCPA, websites using these trackers must inform their visitors of their existence using a cookie banner. This technology, called a CMP (Consent Management Platform), must then block cookies based on user consent.

To learn all about GDPR, CCPA, and LGPD, we have this article for you.

Local Storage

Local Storage has no expiration date, so the information persists in the browser until the user performs a cleanup and deletion. Additionally, there are fewer browsers that offer features to block or periodically delete Local Storage data.

Regarding privacy regulations, especially GDPR, the same obligation to inform its usage applies to Local Storage. Therefore, when choosing your cookie banner, ensure that it also lists third-party tracker Local Storage used on your site.

To learn more about how a CMP works, here's an article to help you understand.

Session Storage

In Local Storage, information remains stored until a deletion is performed. However, in Session Storage, the information is automatically deleted whenever the visitor leaves the site or closes the browser tab.

This is the main difference between Local and Session Storage.

- Performance

To analyze performance between web storage (Local and Session) and cookies, a highly technical language would be necessary. However, let's try to simplify the facts.

Every website has a visually coded part connected to a server. The server keeps the site online, and when someone accesses that URL, it operates those visual settings and responds to interactions on the screen.

This interaction is performed by the browser (Chrome, Safari, Opera, Brave...)

If your browser has cookies from that site, in addition to communicating with the site's server, it must also await the server's reading of those cookies and their respective servers. This is because there may be cookies from that specific site and cookies from third-party companies installed.

Therefore, when using cookies, all requests you make to the site also depend on sending cookie information to your origin server and then to the site. Hence, simply using a cookie in your application consumes a bit more "bandwidth" and "data" to read and execute it on the site, and present it in the browser.

In contrast, Local and Session Storage do not require this triangulation between servers, resulting in less bandwidth needed for the site to respond to the information contained in web storage.

How to Create a Consent Strategy as the Legal Basis for LGPD?

Want to learn more about how a LGPD cookie banner works? In this link, I explain the step-by-step of the technology developed by AdOpt and used on thousands of websites.

After all, if your site uses cookies, you can't simply ignore LGPD. You need to choose a strategy to avoid the fines associated with this new legislation.


Legal basis
Data Protection Officer - DPO

Related posts

Adopt post

Understand the legal bases of the LGPD

At the beginning of everything are the legal bases of the LGPD, that is, the legal grounds (legitimate reasons) why companies not only can, but must access customer data in order to do their jobs well.

Adopt post

Why are cookie banners everywhere?

Want to understand why there are cookie banners on every website you visit today? This article is for you!

Adopt post

Best practices in tag categorization

It's time to talk about one of the most impactful tasks, both for the company and for the visitors of your websites: tag categorization. But why is it so impactful? What is the relevance of this configuration and how can it affect us? It is precisely because of these common questions we receive from our clients that we have written this article on best practices in tag categorization.

Adopt post

Tips on how to notify users after a change on the Terms of Use.

Terms of Use are quite literally the contract established between you and the company offering that product or service in a digital manner. Therefore, not only their development but also any eventual changes require careful consideration.

Adopt post

ROPA in LGPD? Get to Know the Records of Processing Activities.

Brazilian LGPD - General Data Protection Law brought with it several acronyms and specific terms. Many of them are imported from other countries and regulations. One of them is ROPA (Record Of Processing Activities), adapted in Brazil to Registros das Atividades de Tratamento. An essential document for any DPO, Data Processor.

Adopt post

5 Signs Your Website Needs an Cookie Consent Strategy

How does your website handle LGPD? What strategies does it use to comply with the General Data Protection Law? Have you thought about using a cookie notice but don't know if your site has cookies or if it's enough? If you can't answer these questions, be cautious! Your page may be exposed to fines and other sanctions.

Adopt post

Why Give Consent on Every Website I Visit?

Have you ever noticed that every time you sign up for a service to access information or register on a website for purchases, you need to give consent? If you're wondering why you have to give consent on every website you visit, you'll find the answer here.

Adopt post

GDPR and Cookies all you need to know

Understanding the General Data Protection Regulation (GDPR) and its impact on cookies is essential. So, let's break it down, step by step.

Adopt post

GDPR Legal Basis: An Introduction

In this article, we'll explore the GDPR foundations and provide practical insights from the basics to more advanced concepts of its legal basis.

Adopt post

LGPD and Cookies all do you need to know?

In this article, you will have a great introduction to the topic, as well as various other variations that revolve around the subject: Cookies and LGPD.

Adopt post

How to choose a Cookie Banner for your website

What are the criteria for this choice, and what are the strengths and weaknesses of each option? Well, we're here to help you because this decision needs to be well thought out!

Adopt post

The Impact of Cookie Banners on Your E-commerce - LGPD

Having a cookie banner on your brand's website has become indispensable for many. However, for e-commerce websites, it has practically become an obligation to have one. This is because this type of website has a technological composition in which cookies are a structural part. Login flow, items in the shopping cart, recommendation showcases, remarketing... Most of them rely on cookies.

Adopt post

What is a CMP (Consent Management Platform)?

A CMP is a tool/platform used to manage the consent of up to millions of users so that a company can use the data of these users for its previously stated purposes.

Adopt post

We've created a cookie banner plugin.

The WordPress platform powers nearly 450 million websites globally, and it's estimated that 50% of Brazilian websites are on this platform. We are ready to help you, WP lovers!

Adopt post

How to Choose a CMP (Consent Management Platform)?

Using a CMP (Consent Management Platform) is a great way to make efforts to adapt to new privacy regulations like GDPR, LGPD, DPDPA, CCPA and more...

Adopt post

LGPD: An Opportunity for Digital Marketing Agencies!

Have you ever thought that your marketing agency could find a great business opportunity in LGPD? Well, unlike what many think, it brings changes that can accelerate the demand for the services of these companies.

Adopt post

Understand the meaning of the LGPD for your company

Surely you've already seen the predictions of fines and sanctions, processes. But, what does it mean to your company?

Adopt post

10 Marketing Processes You Should Rethink under the LGPD!

In the end, our goal has never been to predict doom for companies or to be part of the LGPD's Apocalypse Cavalry. But, since we've been in the market for some time, these kinds of issues always catch our attention when we start data mapping and having conversations with colleagues.

Adopt post

The Differences Between Data Controller and Data Processor - LGPD

Now that we have the data flow within your company, we need to highlight 2 aspects of LGPD that will help you determine the extent of your responsibility in relation to the many points listed in the company. I'm talking about the difference between Data Controller and Data Processor.

Adopt post

GDPR, LGPD, and CCPA: What Are These Laws, Similarities, and Differences

LGPD, GDPR, and CCPA are data privacy regulations. In this article, we discuss their similarities and differences for practical application.

Adopt post

Data Mapping or Data Inventory - a life jacket for the DPO!

With the data mapping we have a clear understanding of the 5 stages that every data goes through in a company.

Adopt post

What is a privacy policy?

While it's not exactly breaking news, discussions about privacy policies have been popping up more frequently since the start of GDPR in Europe. And despite it seeming coincidental, it's not!

Adopt post

Responsibilities of a data protection officer.

Drawing an analogy from the world of soccer, we can think of the DPO as the "midfielder" of the team, responsible for connecting the defense and the attack.

Address: 7345 W Sand Lake Road, Ste 210 Office 5898 Orlando, FL 32819
EIN: 86-3965064
Phone: +1 (407) 768-3792



Legal Terms

© GO ADOPT, LLC since 2020 • Made by people who love