In fact, everything is simple. Cookies are for the server, localstorage is for the client. If the information you're going to store is only needed on the client, there's no point in running cookies back and forth on every request to the server. If some information is constantly needed by the server, use cookies.
In addition, a cookie of 4kb is allocated, on localStorage - 5mb.
There are no pitfalls, if there is no need to support the old ones - use it safely. caniuse.com/#search=localstorage
As for disabling: the user can prevent localStorage from being used proactively. In practice, I have not come across this, I think that they purposefully do this even less often than disabling cookies.

I’ll add to what has already been written above:
Cookies can be set on a second-level domain and it will be available in subdomains, and localStorage is tied only to the full domain.
Also note that safari has a special mode where any attempt to write something to localStorage will result in a script error. This mode is not often used, so it is better to add handling for this error.
So, use what works best.

Pros:
localStorage cannot be disabled.
localStorage will live forever unless you or the user deletes it (or the computer burns down) ) .
Using localStorage is easier

document.cookie = "a=b"; // Добавляем куки
document.cookie = "a="; // Удаляем куки
// ??? Скачиваем функцию для получения куки

localStorage.addItem("a", "b");
localStorage.removeItem("a");
localStorage.getItem("a");
// или
localStorage.a;

everything that is stored by the user, the user can disable

there are no stones at localstorage

local storage