Where does autosave save form versions

yes, field values ARE stored in the autosaved_forms table.

Autosave does not save nodes; so no reason it should impact revisions.

as for module not working.. hmm.. well D5 version is used on one of the largest Drupal sites out there.. and works very well.

We are soon to launch the D6 version of this site (as in next week or so) that will have the D6 version of Autosave on it... so it seems to work fine now.. but won't have a ton of real use until that happens.

Let's say we have a public computer, such as in a university library, and User A has been entering data in our Drupal application that uses the autosave module. User A enters data, and for some forms the autosave feature saves data. User A logs out of the Drupal application. Is there any way that another user -- User B -- can see autosaved information that User A entered? From what is said above, I presume the answer is no (since it is said that the data are stored in the database tables), but if possible I'd like confirmation from the module maintainers. I just want to be certain what's happening from a data security perspective, in case someone asks me about that. Thanks!

data is saved on a path plus uid basis: therefore node/add/page plus uid or something like node/34/edit and uid.

so NO, a user can not see the saved values from another user.

Thank you very much for the superfast response. It can be helpful to others if you clarified this somewhere in the module description or documentation, since some may need to understand info security requirements.

I would think a simple test would suffice for people worried about security. Edit as person a. Log in as person b. You won't see work by person a. Test done.

That's not really what I meant. The simple test you describe in #5 doesn't clearly ensure that the data is secure, and your response leaves me uncertain as to whether you understood my question and the intent of my question.

For example, let's say autosave also saved the information locally in a cookie. Let's also say that Person A borrows Person B's computer. Person A is logged in to Person A's account and some data is saved with autosave. For some reason, the browser crashes, and Person A goes to another friend's computer to continue working. Can Person B who has administrative access to that computer inspect the cookie that contained Person A's data? In this hypothetical scenario, your simple test would determine that the data is secure when it is not.
I'm not saying that autosave saves information in a cookie, but I use the example above as a way to demonstrate what I'm asking.

Nope. No cookies. Form values stored in db referenced to uid and url. Pretty much only way to do it.