Can user modify the values of variables stored in sessionStorage

I'm using client-side JavaScript to store some variables using Web Storage, more specifically, the sessionStorage.

But I'm not sure whether a user can simply modify the value of such variables in any way? If so, please provide an example of how this could happen.

Yes, users can always modify the values of their own storage. I can think of three ways right off the bat:

• use web browser console to run JS commands that modify storage
• setup client-hosted site with client-specified DNS to run their own code that modifies storage
• open the local storage files and manually edit them

What's important is that you don't trust client storage. If you're going to store session information on the client, then you need some way for your server-side code to verify that the information hasn't been tampered with. There are other reasons you may not want to store this information on the client side (privacy, for example), but assuming you've thought through those, you still need to make sure you either trust the client's data or that you make sure trust isn't necessary.