Using SessionStorage for Some User Info
I have an application that currently keeps a few properties from a user's profile in session storage for the app to use when necessary. We don't keep sensitive data like username or password or ssn in session storage, but we do keep properties like the user's branch there. And the app uses the branch info to load certain data, while excluding other data. For instance, if a user's branch is "New York" then we load data relevant to that branch.
To clarify further, this is an in-house app -- behind a VPN -- so only employees will be using the app. And we let them temporarily change their branch in the app itself if, for instance, they're in the New York branch but want to see data from Los Angeles.
Is using session storage like this considered a reasonable practice, or should something like this always be stored in something like JavaScript storage? I have one colleague who seems to think this should definitely not be in session storage, but I'm not sure that's the case here. Is this considered a major no-no in this kind of use case? Or could this be considered a reasonable usage of session storage?
