My concern with using localStorage.has_paid isn't a malicious user trying to cheat, but a legitimate user loosing their has_paid status, which bring up the larger issue that you are saving the user data in the mysterius localStorage, and how many people know where that is, or that erasing your history will delete it, or any other thing that could go wrong.<p>Also,isn't saving key-value pairs on a per user bases a common enough problem to have already been solved. It would involve one blackbox program on the server, the javascript could be as simple as:<p>serverStorage.login(username, password)
serverStorage.getValue(key)
serverStorage.function setValue(key,value)