javascript - Where is redux store saved?

Question

I was looking into how secure a redux application can be, I am storing certain values in redux store i.e. user token etc.. and tried to see if someone else could gain access to them via an xss attack for example, I checked sessionStorage, localStorage, cookies and it is not there, as well as it is not inside my app.js file (my bundle file), hence my question.

Answer 1

Was just about to answer How does React and Redux store data? Is it localstorage or cookies? when it got closed as a duplicate. So I wanted to paste my answer here.

Answer

First off, it's worth noting that UI libraries don't actually manage state (other than component-level state). ReactJS and VueJS expect you to pass data to them like you would pass parameters to a function. They aren't concerned with where this data came from or how you're storing it.

Redux, on the other hand, is not a UI library -- it's a state management library. Redux does store state. The VueJS corollary to Redux would be "Vuex".

With that out of the way, the next thing you need to know is that there's a difference between state management and state persistence. Libraries like Redux and Vuex usually keep track of your variables and provide tools for changing state (reducers, specifically) - but they don't manage the persistence of that state. Persistence refers to saving the state somewhere to reload it the next time someone comes to your app - and seems to be what you're curious about (since you mentioned cookies and Local Storage)

Persistence is usually coded by hand (send the state to an API endpoint which saves it to a database, then when you reload the page you ping a different API endpoint to retrieve the state) or you utilize a plugin / module for your state manager to handle persistence for you. For example, there's a popular Redux Local Storage plugin called (trivially enough) redux-localstorage