When is localStorage cleared?

Question

How long can I expect data to be kept in localStorage. How long will an average user's localStorage data persist? If the user doesn't clear it, will it last till a browser re-install?

Is this consistent across browsers?

Answer 1

localStorage is also known as Web Storage, HTML5 Storage, and DOM Storage (these all mean the same thing).

localStorage.setItem('bob', varMyData);
sessionStorage.setItem('bob', varMyData);

Right here, right up top, we need to remember that there is also the indexedDB API - and it can store WAAAAAY more data than localStorage! (See LIMITATIONS below)

localStorage is similar to sessionStorage, except that data stored in localStorage has no expiration time, while data stored in sessionStorage gets cleared when the browsing session ends (i.e. when the browser / browser tab is closed). (See Limitations section below for up-to-date storage size limitations.)

Session storage is used much less often than localStorage, and exists only within the current browser tab - even two tabs loaded with the same website will have different sessionStorage data. sessionStorage data survives page refresh, but not closing/opening the tab. LocalStorage data, on the other hand, is shared between all tabs and windows from the same origin. LocalStorage data does not expire; it remains after the browser is restarted and even after OS reboot.

localStorage is available on all browsers, but persistence is not consistently implemented. In particular, localStorage can be cleared by user action and may be cleared inadvertently (who would think that clearing all cookies also clears localStorage?).

In Firefox, localStorage is cleared when these three conditions are met: (a) user clears recent history, (b) cookies are selected to be cleared, (c) time range is "Everything" -- or when LocalStorage is full - see "Limitations" section below.

In Chrome, localStorage is cleared when these conditions are met: (a) clear browsing data, (b) "cookies and other site data" is selected, (c) timeframe is "from beginning of time" -- or when LocalStorage is full (see "Limitations" section below). In Chrome, it is also now possible to delete localStorage for one specific site.

In IE, to clear localStorage: (a) Tools--Internet Options, (b) General tab, (c) delete browsing history on exit, (d) ensure "Cookies and website data" (or "temporary internet files and website files") is selected, (e) consider unchecking "Preserve Favorites website data" at the top

In Safari: (a) Click Safari (b) Preferences (c) Select the Privacy tab (d) Click Remove all website data (e) Click Remove Now

Opera: Despite excellent articles on localStorage from the Opera site, I haven't yet found clear (non-programmatic) instructions to users on how to clear localStorage. If anyone finds, please leave a comment below this answer with reference link.

Limitations:

TOTAL localStorage is limited to 50% of free disk space.

The indexedDB API, however, allows you to store 80% of available disk space, of which 75% of that can be used by a single domain. <Gru>That's what I'm talking about...!<\Gru> IndexedDB is more complex than localStorage, so you may wish to use a wrapper like Dexie or idb. EXCEPT for the Safari browser, which deletes IndexedDB databases 7 days after last use, IndexedDB is much more persistent than localStorage et al. See this and this and the W3C Working Paper. In practice, IndexedDB's data may be more persistent than documented.

ALSO, the localStorage for any one "origin" (domain + any subdomains) is (theoretically) limited to 20% of total localStorage - in practice, though, the localStorage for one domain (as of Oct/2022) is:

• minimum: 10Mb
• maximum: 2Gb Source
• actual: 5Mb (limit on my system with 6Gb free space, per a modified version of this script )
  (Test System: i7 / 32Gb / 500Gb SSD w 6Gb free / Brave browser:
  Version 1.45.133 Chromium: 107.0.5304.141 (Official Build) (64-bit)

When the TOTAL localStorage is full, then the browser will start clearing out data (called "origin eviction") based on an LRU policy — the Least Recently Used domain will be deleted first, then the next one, until the browser is no longer over the limit.

Note that this origin eviction process will delete an entire domain's worth of data until the storage amount goes under the limit again. Deletion of a domain's localStorage data is "all-or-nothing" -- there is no trimming effect put in place to delete parts of origins (domains) because partial data could be much worse than no data.

---

The Opera dev site has an excellent summary of localStorage:

The current way of storing data on the client-side — cookies — is a problem:

• Low size: Cookies generally have a maximum size of around 4 KB, which is not much good for storing any kind of complex data

• It’s difficult for cookies to keep track of two or more transactions on the same site, which might be happening in two or more different tabs

• Cookies can be exploited using techniques such as cross site scripting, resulting in security breaches

Other (less popular) alternatives to cookies include techniques involving query strings, hidden form fields, flash based local shared objects, etc. Each with their own set of problems related to security, ease of use, size restrictions etc. So up until now we have been using pretty bad ways of storing data on the user’s end. We need a better way, which is where Web Storage comes in.

Web Storage

The W3C Web Storage specification was designed as a better way of storing data on the client-side. It has two different types of storage: Session Storage and Local Storage.

Both Session and Local Storage will typically be able to store around 5 MB of data per domain, which is significantly more than cookies. NOTE THAT although MDN's numbers were updated (Oct 2022) and now say: minimum: 10Mb / Maximum: 2Gb, this author is unable to exceed 5Mb per domain/origin. M.D.N. / test script

Resources:

https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage

MDN - Browser_storage_limits_and_eviction_criteria

https://javascript.info/localstorage

https://dev.opera.com/articles/web-storage/

http://www.quirksmode.org/html5/storage.html

http://www.ghacks.net/2015/02/05/how-to-clear-web-storage-in-your-browser-of-choice/

https://nakedsecurity.sophos.com/2014/11/05/how-to-clear-out-cookies-flash-cookies-and-local-storage/

http://www.opera.com/dragonfly/documentation/storage/

DOMStorage article on MDN (written by John Resig)

http://ejohn.org/blog/dom-storage/

Answer 2

W3C draft says this

User agents should expire data from the local storage areas only for security reasons or when requested to do so by the user. User agents should always avoid deleting data while a script that could access that data is running.

So if browsers follow the spec it should persist untill the user removes it on all browsers, I have not found any that have deleted on any off my projects.

A good article to read is also http://ejohn.org/blog/dom-storage/

Answer 3

Duration

Unlimited. The data persists through browser & OS restarts.

Capacity

Each domain can store minimum of 5MB of data in LocalStorage.

For some browsers you can store up to 1GB of data.

Answer 4

In Chrome while performing 'clear browsing data' , if you choose 'Cookies and other site and plugin data' option then sessionStorage data will be erased.

Answer 5

The content in localstorage is persistent as long as the user chooses to clear the storage (entirely or a single value inside it)

About the consistency across browser, localstorage is currently available on every major browser, including IE8+ (see http://caniuse.com/#feat=namevalue-storage)

Answer 6

In 2020, the WebKit team announced Safari would delete all script-writeable storage, including LocalStorage, if the user has not interacted with the site for a period of seven days.

(They note that web apps added to the home screen of a mobile device are not part of Safari, and their LocalStorage data should not be deleted.)

https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more