Is HTML5 Local Storage Data Stored Seperated By Domain

I have tried looking around about HTML5 Local Storage but I can't seem to find a straight answer. Does the Local Storage store its objects based on Domain like cookies? If so how

Solution 1:

From the spec:

User agents must throw a SecurityError exception whenever any of the members of a Storage object originally returned by the localStorage attribute are accessed by scripts whose effective script origin is not the same as the origin of the Document of the Window object on which the localStorage attribute was accessed.

You cannot access data stored in localStorage from any domain other than the one that stored it there. It follows the same model as the XMLHttpRequest - the "same origin policy".

Solution 2:

If so how do I access it from another domain?

You cannot.

LocalStorage data is created based on the domain of the web page. That data is then only accessible from web pages under the same domain.

Here is why this is a good idea: Would you want a site like hackerz.pwn to be able to read/write/remove this?

Example (page on www.yourbank.com):
window.localStorage.setItem("user_session",  "1234567");