This depends a bit on the level of control that you have over what is in the javascript included on your page. If all you are ever going to have is your own JS and you don't use any third-party frameworks or libraries, then the local store is fine.
If you think you might ever use an external library, though, you might need another method. An interesting one I've seen revolves around the use of httpOnly, digitally-signed cookies with embedded session tokens.
I found a very comprehensive write up about the problem and solutions here:
Please Stop Using Local Storage - DEV Community[
^]