Sessionstorage is a temporary holder within the browser that lasts from page to page but not across tabs or browsers or sessions or domains. When you close the tab or browser the information goes away.

Sessionstorage is not safe from Cross Site Script attacks, but 3rdKey.com doesn't allow any scripts from other domains on any of our pages, so that's not an issue.

We put the 3rdKey and the Diffie-Hellman secret key in sessionstorage so that other tabs and browsers can not see them, and can't decipher the communication between your browser and the server.

But more importantly, only the browser can access sessionstorage, which, in combination with the 3rdKey, prevents a Man In The Middle attack.

Differences between cookies and sessionstorage