PC's, Firefox, Javascript, WebPages saving data??

[GlennSprigg]

When you have something like a JavaScript App running on a WebPage, and it needs to store user-data, it gets confusing!
It is stored (un-securely) on your hard-drive, through various self contained 'modules' that pass info back & forward to each other.
An original piece of JavaScript on the page, may say something like...
let check2 = localStorage.getItem(randName);
let check1 = localStorage.getItem(strName);

In the above example, this is how it may get some user info back from what was saved, however, 'localStorage' is all JavaScript knows!
From there, the actual Browser you are using, (FireFox in this case), *Interprets* that Word in it's own way, in regards to where it is
actually going to or coming from! And then in fact passes what 'it' want's to do to 'Windows' for the actual writing/reading. (Sigh..).

An unfortunate side digression first though!!!... FireFox stores virtually all it's user data, including such data above, along with the likes
of Bookmarks, History, Cookies etc etc, in a master DataBase file called 'webappsstore.sqlite'. The actual location of this file, is...
C:\Users\<user-name>\AppData\Roaming\Mozilla\Firefox\Profiles\xxx xxxxx.default-release
This causes confusion, because firstly, it is not in \AppData\Local, but in \AppData\Roaming !! (Do not confuse with 'local' above!).
Now, notice in the 2nd line above, the last Sub-Directory name after \Profiles\. the 'xxxxxxxx' is a user-specific random name, and yours
will be unique! NOW, prior to a certain version of FireFox, that final sub-directory WAS called 'xxxxxxxx.default' , and you 'may' still see that
present too under \Profiles\, but all later versions of Firefox now have the new sub-directory 'xxxxxxxxx.default-release' . And THAT is the
one that is current! (The word 'release' now refers to the standard release, as opposed to a 'nightly' or 'debug' version).

OK, so that's where all this user data is stored... So how can you view the contents of this '.sqlite' file?? Luckily, the best software for this
is FREE, called DB Browser for SQLite from https://sqlitebrowser.org/ Here, it gets a bit funny though with FireFox!!... (Sigh, again).
The main DataBase Fields are 'originKey, scope, key, value' , similar to the system registry. Now the first two of those, are basically showing
you what WebPage they are relevant to, BUT FireFox reverses the order of the letters, to make things easier to Index/Find !! So...
If it was for example, 'microsoft.com', it will show up when filtering/searching the column results as 'moc.tfosorcim.' (With a dot at the end).

Have fun!!  My little brain didn't have to learn this, but I wanted to know where/how user info was saved/stored from certain pages!!   

[newbrain]

Thanks, interesting tidbit.

it is not in \AppData\Local, but in \AppData\Roaming

Yes, that's the correct place, in short:
Local (should) contains things strictly tied to the specific machine.
LocalLow, the same, but used by processes with lesser access rights.
Roaming: it's the stuff a server might want to cache so that one can login from any machine (so 'roaming') and retain your applications settings, status etc  - or you can copy it yourself.

[dferyance]

Naturally, it gets more complicated from there. Web pages often store data for your user or session on the server itself. Good luck trying to find that. There is also cookies and IndexedDB. Plus all sorts of tracking methods such as detecting if the browser has a url cached.

It isn't too unusual that the data isn't encrypted. It is stored with your user account so NTFS permissions protect it and disk encryption too. Fundamentally when storing encrypted data there is the whole problem of where to store the key. You need the key to access it but then if you store in the same place as the data, someone who has access to the data will have access to the key as well.