In recent versions of Safari (I am on 5.1 now), local storage can be cleared with Safari » Reset Safari » Remove all website data. Or by using Safari » Preferences » tabsheet Privacy » Cookies and other website data » Remove All Website Data. And even by using Remove All when viewing the details on that very same Privacy tabsheet. The Security tabsheet no longer shows any button to view the databases.
Some more details, also for older versions:
On my Mac, I found the folder ~/Library/Safari/LocalStorage
, which has a file for each site that uses local storage†, with its creation date set to my very first visit to each site. On Windows, this might be in a folder like %APPDATA%\Apple\Safari
or %APPDATA%\Apple Computer\Safari
.
Deleting all those files, and restarting Safari, obviously cleared the data for StackAuth too.
However, logging in to a random Stack Exchange site gets me the StackAuth data again, and a file in the above folder, without ever being prompted to allow that (my Safari preferences show "Database storage: none allowed before asking"), and without the domain being shown in the "Show databases" list. This also happens in private browsing modes.
This seems to be caused by the difference between HTML5 Web Databases, and HTML5 Web Storage (the latter including local storage). Chrome shows both for Twitter:
Apparently Safari only warns for databases, not for local storage? Maybe blocking local storage is going to be as hard as stopping Adobe Flash from leaving its privacy trail. The specifications state:
User agents should expire data from the local storage areas only for security reasons or when requested to do so by the user.
Let's hope someone knows of an easier way, or that we get some more control in future releases. (I filed a feature request at Apple for that.)
† In my case, I found as many as 5,904 items dating back to March 2009. And even my own domains, for which I'm sure no local storage is used, were listed with 8kb files each. Investigation shows that Alexey Ruzanov's FlashBlock user script uses local storage too, and hence causes a file for each site one visits, regardless whether it uses local storage, and regardless whether it uses Flash.
is it stored somewhere else?
If you see a encrypted_value
field with every record having (BLOB)
, then you are in the correct place:
... and blob is encrypted data itself
via Chromium
Is the content protected?
5 months ago, all Google Chrome started to encrypt all cookies. They started with doing this in Chromium (as you can see in this Chromium 'Issue').
AFAIK, this has now been updated to all current versions of Chrome. If you see the (BLOB)s
then that means you're in the right place, but the cookies are encrypted.
Over at StackOverflow, someone has 'found' a way to decrypt this, but when I attempted it, it didn't work (although my programming skills are somewhat limited - so you could have a try yourself...)
If you want to see / delete the cookies stored by Google Chrome, go to chrome://settings/cookies
(or Settings > Show advanced settings > Content settings > All cookies and site data) and you can delete them from there.
Best Answer
The Local Storage and the SQLite are there to provide the proposed (W3C) Web Storage, and Web SQL Database, originally intended for the HTML5 spec.
From Wikipedia:
.