Can HTML5 sessionStorage be written to disk?

(Related to Is there a secure Browser Cache? ):

Do any of the implementations of HTML5 session storage write to disk ever?

e.g. can I rely on having a "secure"/"private" cache that I know will not be able to persist beyond the browser session whether it

  • times out
  • is ended/logs out
  • browser closes/crashes/power button on computer



Safari uses SQLite, and probably other will follow suite with that solution. As for the standard it says:

Quote: The lifetime of a browsing context can be unrelated to the lifetime of the actual user agent process itself, as the user agent may support resuming sessions after a restart.

This means that it is likely to get stored on disk, which means if someone really wanted to snoop they could check the deleted file and restore it, as you do when with recovery software.

However I, personally, hope they also support in memory-only temporary storage, but that's not in the specs right now, so it might get left out.

Edit: I said "hope" in my last sentence there, but that "hope" goes along with an email I sent to the consortium concerning this issue, so I "hope" they take my suggestion into account. After we all have a say in determining standards, so please make your voice be heard, no one, or team, is perfect and all these standard consortiums are actively looking for feedback.

Need Your Help

Skip basicAuth for one route

javascript node.js express connect http-authentication

I'm using node, express and connect for a simple app and have basic HTTP auth implemented as follows (lots of code left out for brevity):

How to get AppID based on valid AccessToken and/or Facebook.FacebookClient object

facebook facebook-graph-api facebook-c#-sdk

I'm logged in using to my own Application using C# Facebook SDK and I can read/write/delete all data I need.