(Related to Is there a secure Browser Cache? ):
Do any of the implementations of HTML5 session storage write to disk ever?
e.g. can I rely on having a "secure"/"private" cache that I know will not be able to persist beyond the browser session whether it
- times out
- is ended/logs out
- browser closes/crashes/power button on computer
See
Safari uses SQLite, and probably other will follow suite with that solution. As for the standard it says:
Quote: The lifetime of a browsing context can be unrelated to the lifetime of the actual user agent process itself, as the user agent may support resuming sessions after a restart.
This means that it is likely to get stored on disk, which means if someone really wanted to snoop they could check the deleted file and restore it, as you do when with recovery software.
However I, personally, hope they also support in memory-only temporary storage, but that's not in the specs right now, so it might get left out.