The "no-store" directive tells every cache in the path, the browser's own cache included, that no part of the response may be written to non-volatile storage (the disk cache) and that a best-effort attempt must be made to remove it from volatile storage (browser memory) as soon as possible after it has been forwarded. Now "as soon as possible" is a dangerous phrase, as it can mean different things to a developer and to a security consultant. However, we came to the conclusion that the least that needs to happen is that private pages are never cached on disk at all. There is also a real possibility that pages held in browser memory remain there even after the user has logged out, so ideally the logout action should close the browser window itself, flushing any pages still in memory. However, there have been places where this doesn't happen and pages remain cached on disk even after Firefox has been closed. Strangely enough, this doesn't happen with IE. Wonder why?
The "no-cache" directive does not forbid storing the response; it says that a stored copy must not be used to satisfy a later request without first being revalidated with the origin server, so the browser should contact the server every time the page is requested. However, in a recent appsec assignment we saw Firefox caching pages irrespective of the "no-cache" directive: when we put Firefox into "Work Offline" mode we were still able to access the pages. On browser close these pages disappeared. This only proves that the pages were in browser memory for Firefox. This behaviour was not repeated with IE or Opera, which refused to show us the pages when working offline. So why the discrepancy with Firefox? Why doesn't the browser try to contact the server before serving the page? More later when I get time to hack around... Do reply if you know why!
Friday, November 23, 2007