There's a problem with that - two instances of the browser on the same site share localstorage so in Michel's scenario where a user logs in using different credentials both instances will see the last logged in information.

>There is a current movement to get rid of cookies all together and use HTML5 local storage. Google, among others, seems to leaning this way.
>
>Just something else to think about and I don't know how it will apply to the original question in this thread.
>
>
>>I think MS missed the boat by using the mangled URL as alternative. Having the cookie stored within normal payload data would have been better - even down to allowing new, encrypted non-diskable cookies to be updated via HTTPS:// rest without breaking too much other architecture.