W3C’s web applications working group has published its recommendation for Web Storage. The spec defines an API for persistent data storage of key-value pair data in web clients.

The spec is based around two related mechanisms, similar to HTTP session cookies, for storing structured data on the client side.

One example of how data could be handled better in web clients is where a user is carrying out similar transactions in multiple windows at the same time.  For example, a user could be buying plane tickets in two different windows, both using the same site. It’s the sort of thing many of us do; open two windows, try different combinations of dates and times, perhaps different destinations to see how that affects the overall cost, before finally completing the purchase in just one window.

The W3C specification points out that cookies don't really handle this case well. If the site used cookies to keep track of which ticket the user was buying, then as they click from page to page in both windows, the ticket currently being purchased will "leak" from one window to the other, potentially causing the user to buy two tickets for the same flight without really noticing.

To get around this problem, the new specification introduces the sessionStorage IDL attribute. Sites can add data to the session storage, and it will be accessible to any page from the same site opened in that window.

For example, a page could have a checkbox that the user ticks to indicate that he wants insurance. A later page could then check, from script, whether the user had checked the checkbox or not. Importantly, if the user had multiple windows opened on the site, each one would have its own individual copy of the session storage object.

The second idea in the specification in that of storage that spans multiple windows, and lasts beyond the current session.  This is aimed at web apps that want to store megabytes of user data on the client side for performance reasons. Examples given are documents written by the user, or a user's mailbox. Because a cookie is transmitted with every request, the large quantity of data would be transmitted if the app used a cookie. The new spec is for a localStorage IDL attribute that can be used to access a page's local storage area, so making it possible to store data locally to a page, and have that data accessible to the web. Each site would have its own separate storage area.

The new specification also include details of how sites should handle security for the local storage.