diff --git a/CHANGELOG.md b/CHANGELOG.md
index ff11114..937a190 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+
+- Browser feedback no longer goes to a stale session bucket when the widget bundle is cached across MCP restarts (#46). The session ID is now read from the script tag's `?session=` query at runtime instead of being baked into `widget.js` at serve time, so a cached bundle can never carry a stale session.
+- `/widget.js` is served with `Cache-Control: no-store` so browsers cannot reuse a previous bundle.
+- WebSocket connections that arrive with an unknown session ID are auto-rebound to the live session when exactly one MCP session is registered, or rejected with a `session_invalid` message (and the widget shows a visible reload banner) when the server can't safely guess.
+- Pending and ready feedback queues are now persisted to disk (`os.tmpdir()/claude-browser-feedback/<sessionId>.json`) and rehydrated on server boot, so feedback survives crashes and restarts.
+
+### Added
+
+- `get_pending_feedback`, `get_connection_status`, and `/status` now surface orphan feedback buckets (feedback filed under a session ID that no MCP session is listening for), and auto-rescue them into the current session when it is the only one registered.
+
 ## [0.6.6] - 2026-04-22
 
 ### Fixed
diff --git a/src/server.js b/src/server.js
index 8be4028..41fb85f 100644
--- a/src/server.js
+++ b/src/server.js
@@ -15,6 +15,7 @@ import { fileURLToPath, pathToFileURL } from "url";
 import { createRequire } from "module";
 import { execFile } from "child_process";
 import { deriveSessionId, isValidSessionId, getPendingSummary, detectProjectUrl, formatFeedbackAsContent } from "./utils.js";
+import * as storage from "./storage.js";
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
@@ -38,13 +39,22 @@ const connectedClientsBySession = new Map();  // sessionId -> Set<WebSocket>
 let connectedClients = new Set();             // All clients (for total count in /status)
 let isHttpServerOwner = false; // Track if this instance owns the HTTP server
 
-// Session-partitioned data accessors
+// Session-partitioned data accessors. The owner process persists pending+ready
+// queues to disk via storage.js so feedback survives crashes and restarts.
+function persistSession(sid) {
+  if (!isHttpServerOwner || !isValidSessionId(sid)) return;
+  storage.save(sid, {
+    pending: pendingFeedbackBySession.get(sid) || [],
+    ready: readyFeedbackBySession.get(sid) || [],
+  });
+}
 function getSessionPending(sid) {
   if (!pendingFeedbackBySession.has(sid)) pendingFeedbackBySession.set(sid, []);
   return pendingFeedbackBySession.get(sid);
 }
 function setSessionPending(sid, arr) {
   pendingFeedbackBySession.set(sid, arr);
+  persistSession(sid);
 }
 function getSessionReady(sid) {
   if (!readyFeedbackBySession.has(sid)) readyFeedbackBySession.set(sid, []);
@@ -52,6 +62,7 @@ function getSessionReady(sid) {
 }
 function setSessionReady(sid, arr) {
   readyFeedbackBySession.set(sid, arr);
+  persistSession(sid);
 }
 function getSessionResolvers(sid) {
   if (!feedbackResolversBySession.has(sid)) feedbackResolversBySession.set(sid, []);
@@ -62,6 +73,51 @@ function getSessionClients(sid) {
   return connectedClientsBySession.get(sid);
 }
 
+// Find feedback buckets that aren't tied to any registered MCP session. These
+// are the symptom of issue #46: a stale widget filed feedback under a session
+// ID that nobody is listening for. Used to surface (and optionally auto-rescue)
+// the data via the MCP tools.
+function findOrphanBuckets() {
+  const orphans = [];
+  const seen = new Set();
+  for (const [sid, items] of pendingFeedbackBySession) {
+    if (!isValidSessionId(sid)) continue;
+    if (sessionRegistry.has(sid)) continue;
+    seen.add(sid);
+    orphans.push({
+      sessionId: sid,
+      pendingCount: items.length,
+      readyCount: (readyFeedbackBySession.get(sid) || []).length,
+      clientCount: (connectedClientsBySession.get(sid) || new Set()).size,
+    });
+  }
+  for (const [sid, items] of readyFeedbackBySession) {
+    if (!isValidSessionId(sid)) continue;
+    if (sessionRegistry.has(sid) || seen.has(sid)) continue;
+    orphans.push({
+      sessionId: sid,
+      pendingCount: 0,
+      readyCount: items.length,
+      clientCount: (connectedClientsBySession.get(sid) || new Set()).size,
+    });
+  }
+  return orphans.filter(o => o.pendingCount > 0 || o.readyCount > 0);
+}
+
+// Move all pending+ready feedback from an orphan bucket into the target
+// session's queues, then drop the orphan. Used when exactly one MCP session
+// is registered and auto-rescue is safe.
+function migrateOrphanInto(targetSid, orphanSid) {
+  const oldPending = pendingFeedbackBySession.get(orphanSid) || [];
+  const oldReady = readyFeedbackBySession.get(orphanSid) || [];
+  if (oldPending.length) getSessionPending(targetSid).push(...oldPending);
+  if (oldReady.length) getSessionReady(targetSid).push(...oldReady);
+  pendingFeedbackBySession.delete(orphanSid);
+  readyFeedbackBySession.delete(orphanSid);
+  storage.remove(orphanSid);
+  persistSession(targetSid);
+}
+
 // Helper to parse JSON body from an HTTP request
 function parseJsonBody(req) {
   return new Promise((resolve, reject) => {
@@ -229,21 +285,22 @@ const httpServer = http.createServer((req, res) => {
 
   if (urlObj.pathname === "/widget.js") {
     const widgetPath = path.join(__dirname, "widget.js");
-    const sessionParam = urlObj.searchParams.get('session') || '';
     fs.readFile(widgetPath, "utf8", (err, content) => {
       if (err) {
         res.writeHead(500);
         res.end("Error loading widget");
         return;
       }
-      // Inject runtime values into the widget (including session ID for isolation)
-      const wsUrl = sessionParam
-        ? `ws://localhost:${PORT}/ws?session=${sessionParam}`
-        : `ws://localhost:${PORT}/ws`;
+      // The session is NOT baked into the bundle. The widget reads it from
+      // its own <script src=...?session=...> at runtime, so a cached bundle
+      // can never carry a stale session ID.
       const injectedContent = content
-        .replace("__WEBSOCKET_URL__", wsUrl)
+        .replace("__WEBSOCKET_BASE_URL__", `ws://localhost:${PORT}/ws`)
         .replace("__WIDGET_VERSION__", PKG_VERSION);
-      res.writeHead(200, { "Content-Type": "application/javascript" });
+      res.writeHead(200, {
+        "Content-Type": "application/javascript",
+        "Cache-Control": "no-store",
+      });
       res.end(injectedContent);
     });
     return;
@@ -286,6 +343,7 @@ const httpServer = http.createServer((req, res) => {
       connectedClients: sessionId ? getSessionClients(sessionId).size : connectedClients.size,
       pendingFeedback: sessionId ? getSessionPending(sessionId).length : 0,
       sessions: sessionRegistry.size,
+      orphanSessions: findOrphanBuckets(),
     };
     res.writeHead(200, { "Content-Type": "application/json" });
     res.end(JSON.stringify(response));
@@ -297,12 +355,31 @@ const httpServer = http.createServer((req, res) => {
     const shouldClear = urlObj.searchParams.get("clear") !== "false";
     const sessionId = urlObj.searchParams.get("session") || "unmatched";
     const sessionReady = getSessionReady(sessionId);
-    const feedback = [...sessionReady];
+    let feedback = [...sessionReady];
     if (shouldClear) {
       setSessionReady(sessionId, []);
     }
+    // Same orphan rescue logic as get_pending_feedback (Layer 4 of #46).
+    let orphans = [];
+    if (feedback.length === 0 && isValidSessionId(sessionId) && sessionRegistry.has(sessionId)) {
+      orphans = findOrphanBuckets();
+      if (orphans.length > 0 && sessionRegistry.size === 1) {
+        for (const o of orphans) {
+          console.error(`[browser-feedback-mcp] /feedback rescuing orphan ${o.sessionId} into ${sessionId}`);
+          migrateOrphanInto(sessionId, o.sessionId);
+        }
+        const rescuedReady = getSessionReady(sessionId);
+        const rescuedPending = getSessionPending(sessionId);
+        feedback = [...rescuedReady, ...rescuedPending];
+        if (shouldClear) {
+          setSessionReady(sessionId, []);
+          setSessionPending(sessionId, []);
+        }
+        orphans = []; // consumed
+      }
+    }
     res.writeHead(200, { "Content-Type": "application/json" });
-    res.end(JSON.stringify({ feedback }));
+    res.end(JSON.stringify({ feedback, orphans }));
     return;
   }
 
@@ -397,6 +474,8 @@ const httpServer = http.createServer((req, res) => {
           feedbackResolversBySession.delete(existingId);
           connectedClientsBySession.delete(existingId);
           sessionRegistry.delete(existingId);
+          storage.remove(existingId);
+          persistSession(data.sessionId);
           console.error(`[browser-feedback-mcp] Migrated session data: ${existingId} -> ${data.sessionId}`);
         }
       }
@@ -469,7 +548,39 @@ wss.on("connection", (ws, req) => {
   // Extract session ID from WebSocket URL query params
   const reqUrl = new URL(req.url, `http://localhost:${PORT}`);
   const rawSession = reqUrl.searchParams.get('session');
-  const sessionId = rawSession || 'unmatched';
+  let sessionId = rawSession || 'unmatched';
+  let rebindReason = null;
+
+  // If the client connected with a session ID we don't know about (stale
+  // cached widget, pre-deterministic-ID bundle, etc.), try to recover.
+  if (rawSession && !sessionRegistry.has(rawSession)) {
+    const registered = Array.from(sessionRegistry.keys());
+    if (registered.length === 1) {
+      // Exactly one registered session — safe to rebind. With deterministic
+      // session IDs there can only be one MCP session per projectDir, so this
+      // is the right session by construction.
+      const target = registered[0];
+      console.error(`[browser-feedback-mcp] Rebinding WS client from unknown session ${rawSession} -> ${target}`);
+      rebindReason = { from: rawSession, to: target };
+      sessionId = target;
+    } else if (registered.length > 1) {
+      // Ambiguous — don't guess. Tell the widget so it can refresh.
+      console.error(`[browser-feedback-mcp] WS client connected with unknown session ${rawSession}; ${registered.length} sessions registered. Sending session_invalid.`);
+      try {
+        ws.send(JSON.stringify({
+          type: 'session_invalid',
+          providedSession: rawSession,
+          knownSessions: registered,
+          reason: 'Session ID not recognized. Reload the page to fetch the current widget.',
+        }));
+      } catch (_) { /* ignore */ }
+      // 4001: application close code, "session unknown to server" (RFC 6455 §7.4.2).
+      ws.close(4001, 'session_invalid');
+      return;
+    }
+    // If no sessions are registered yet, leave sessionId as the raw value;
+    // it may match once an MCP session boots.
+  }
   ws._sessionId = sessionId;
 
   if (!rawSession) {
@@ -492,6 +603,9 @@ wss.on("connection", (ws, req) => {
   if (!rawSession) {
     connectionMsg.sessionWarning = "No session ID provided. This connection is not linked to any Claude Code session.";
   }
+  if (rebindReason) {
+    connectionMsg.rebound = rebindReason;
+  }
   if (existingCount > 0) {
     connectionMsg.duplicateWarning = `This session already has ${existingCount} other connected client(s). The same site may be open in another tab.`;
   }
@@ -515,6 +629,7 @@ wss.on("connection", (ws, req) => {
         };
 
         getSessionPending(sid).push(feedback);
+        persistSession(sid);
 
         // Acknowledge receipt
         ws.send(JSON.stringify({ type: "feedback_received", id: feedback.id }));
@@ -526,7 +641,8 @@ wss.on("connection", (ws, req) => {
       if (message.type === "send_to_claude") {
         const pending = getSessionPending(sid);
         const ready = getSessionReady(sid);
-        // Move all pending items to ready
+        // Move all pending items to ready. setSessionPending below persists
+        // both maps, so the in-place ready.push is captured in the same write.
         ready.push(...pending);
         setSessionPending(sid, []);
         broadcastPendingStatus(sid);
@@ -1172,6 +1288,18 @@ The widget only loads in development (localhost) by default.
         const result = await fetchReadyFeedback(shouldClear);
         if (result && result.feedback) {
           if (result.feedback.length === 0) {
+            const orphans = Array.isArray(result.orphans) ? result.orphans : [];
+            if (orphans.length > 0) {
+              const hint = orphans.map(o => `  - ${o.sessionId} (${o.pendingCount} pending, ${o.readyCount} ready, ${o.clientCount} client(s))`).join('\n');
+              return {
+                content: [
+                  {
+                    type: "text",
+                    text: `No pending feedback for this session.\n\nHowever, ${orphans.length} orphan bucket(s) hold feedback under session IDs not tied to any MCP session (likely a stale widget cache — see #46):\n${hint}\n\nReload the browser tab so the widget rebinds to the current session, then try again.`,
+                  },
+                ],
+              };
+            }
             return {
               content: [
                 {
@@ -1197,12 +1325,45 @@ The widget only loads in development (localhost) by default.
       }
 
       const sessionReady = getSessionReady(SESSION_ID);
-      const feedback = [...sessionReady];
+      let feedback = [...sessionReady];
       if (shouldClear) {
         setSessionReady(SESSION_ID, []);
       }
 
+      // If our own bucket is empty but a stale widget filed feedback under an
+      // unknown session ID, recover it. With deterministic IDs there can only
+      // be one MCP session per projectDir, so when exactly one is registered
+      // it's safe to fold the orphan bucket into ours. Otherwise just report.
       if (feedback.length === 0) {
+        const orphans = findOrphanBuckets();
+        if (orphans.length > 0) {
+          if (sessionRegistry.size === 1) {
+            for (const o of orphans) {
+              console.error(`[browser-feedback-mcp] Rescuing orphan bucket ${o.sessionId} into ${SESSION_ID} (${o.pendingCount} pending, ${o.readyCount} ready)`);
+              migrateOrphanInto(SESSION_ID, o.sessionId);
+            }
+            const rescuedReady = getSessionReady(SESSION_ID);
+            const rescuedPending = getSessionPending(SESSION_ID);
+            feedback = [...rescuedReady, ...rescuedPending];
+            if (shouldClear) {
+              setSessionReady(SESSION_ID, []);
+              setSessionPending(SESSION_ID, []);
+            }
+            if (feedback.length > 0) {
+              return { content: formatFeedbackAsContent(feedback) };
+            }
+          } else {
+            const hint = orphans.map(o => `  - ${o.sessionId} (${o.pendingCount} pending, ${o.readyCount} ready, ${o.clientCount} client(s))`).join('\n');
+            return {
+              content: [
+                {
+                  type: "text",
+                  text: `No pending feedback for this session.\n\nHowever, ${orphans.length} orphan bucket(s) hold feedback under session IDs not tied to any MCP session (likely a stale widget cache — see #46):\n${hint}\n\nReload the browser tab so the widget rebinds to the current session, then try again.`,
+                },
+              ],
+            };
+          }
+        }
         return {
           content: [
             {
@@ -1484,6 +1645,7 @@ The widget only loads in development (localhost) by default.
                     serverUrl: `http://localhost:${PORT}`,
                     widgetUrl: `http://localhost:${PORT}/widget.js?session=${SESSION_ID}`,
                     sessionId: SESSION_ID,
+                    orphanSessions: status.orphanSessions || [],
                     note: "Status fetched from running server (this MCP instance is proxying)",
                   },
                   null,
@@ -1526,6 +1688,7 @@ The widget only loads in development (localhost) by default.
                 serverUrl: `http://localhost:${PORT}`,
                 widgetUrl: `http://localhost:${PORT}/widget.js?session=${SESSION_ID}`,
                 sessionId: SESSION_ID,
+                orphanSessions: findOrphanBuckets(),
               },
               null,
               2
@@ -1757,6 +1920,10 @@ function shutdown(reason) {
 
   // Only close HTTP server if we own it
   if (isHttpServerOwner) {
+    // Flush any pending disk writes before exiting so debounced feedback
+    // isn't lost on shutdown.
+    try { storage.flushAll(); } catch { /* ignore */ }
+
     // Remove own session from registry only if we still own it
     const ownSession = sessionRegistry.get(SESSION_ID);
     if (ownSession && ownSession.processId === PROCESS_ID) {
@@ -1869,6 +2036,20 @@ async function main() {
   // Register this session
   const detected = detectProjectUrl(PROJECT_DIR);
   if (isHttpServerOwner) {
+    // Rehydrate any persisted feedback queues from disk so feedback submitted
+    // before a crash/restart isn't lost (fix for #46).
+    try {
+      for (const sid of storage.listSessions()) {
+        const { pending, ready } = storage.load(sid);
+        if (pending.length || ready.length) {
+          pendingFeedbackBySession.set(sid, pending);
+          readyFeedbackBySession.set(sid, ready);
+          console.error(`[browser-feedback-mcp] Rehydrated session ${sid}: ${pending.length} pending, ${ready.length} ready`);
+        }
+      }
+    } catch (err) {
+      console.error(`[browser-feedback-mcp] Rehydrate failed: ${err.message}`);
+    }
     // Owner registers directly
     sessionRegistry.set(SESSION_ID, {
       sessionId: SESSION_ID,
diff --git a/src/storage.js b/src/storage.js
new file mode 100644
index 0000000..60f53c0
--- /dev/null
+++ b/src/storage.js
@@ -0,0 +1,98 @@
+import fs from "fs";
+import path from "path";
+import os from "os";
+import { isValidSessionId } from "./utils.js";
+
+// Disk location for per-session feedback queues. Tmp dir is deliberate:
+// it survives the server process (so crashes/restarts don't lose data)
+// but doesn't pollute the user's home or the project tree.
+const ROOT = path.join(os.tmpdir(), "claude-browser-feedback");
+
+// `mode` only applies on first creation. If ROOT was created by an older
+// version without the mode arg, the permissions stay whatever they were —
+// usually fine because the OS clears tmp on reboot.
+function ensureRoot() {
+  try { fs.mkdirSync(ROOT, { recursive: true, mode: 0o700 }); } catch { /* ignore */ }
+}
+
+function fileFor(sessionId) {
+  return path.join(ROOT, `${sessionId}.json`);
+}
+
+export function getStorageDir() {
+  return ROOT;
+}
+
+// Synchronous load — small payloads, called rarely (boot + first access).
+export function load(sessionId) {
+  if (!isValidSessionId(sessionId)) return { pending: [], ready: [] };
+  try {
+    const raw = fs.readFileSync(fileFor(sessionId), "utf8");
+    const data = JSON.parse(raw);
+    return {
+      pending: Array.isArray(data.pending) ? data.pending : [],
+      ready: Array.isArray(data.ready) ? data.ready : [],
+    };
+  } catch {
+    return { pending: [], ready: [] };
+  }
+}
+
+// Debounced write-through. Mutations on `pending` / `ready` are coalesced
+// per session into a single atomic rename so we never tear a file mid-write.
+const pendingWrites = new Map(); // sessionId -> { timer, state }
+const WRITE_DELAY_MS = 50;
+
+export function save(sessionId, state) {
+  if (!isValidSessionId(sessionId)) return;
+  const entry = pendingWrites.get(sessionId) || {};
+  entry.state = {
+    pending: Array.isArray(state.pending) ? state.pending : [],
+    ready: Array.isArray(state.ready) ? state.ready : [],
+    updatedAt: new Date().toISOString(),
+  };
+  if (entry.timer) clearTimeout(entry.timer);
+  entry.timer = setTimeout(() => flush(sessionId), WRITE_DELAY_MS);
+  pendingWrites.set(sessionId, entry);
+}
+
+export function flush(sessionId) {
+  const entry = pendingWrites.get(sessionId);
+  if (!entry || !entry.state) return;
+  pendingWrites.delete(sessionId);
+  try {
+    ensureRoot();
+    const target = fileFor(sessionId);
+    const tmp = `${target}.${process.pid}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(entry.state), { encoding: "utf8", mode: 0o600 });
+    fs.renameSync(tmp, target);
+  } catch (err) {
+    console.error(`[browser-feedback-mcp] storage flush failed for ${sessionId}: ${err.message}`);
+  }
+}
+
+export function flushAll() {
+  for (const sid of Array.from(pendingWrites.keys())) flush(sid);
+}
+
+export function remove(sessionId) {
+  if (!isValidSessionId(sessionId)) return;
+  const entry = pendingWrites.get(sessionId);
+  if (entry && entry.timer) clearTimeout(entry.timer);
+  pendingWrites.delete(sessionId);
+  try { fs.unlinkSync(fileFor(sessionId)); } catch { /* ignore */ }
+}
+
+// Enumerate persisted sessions on disk. Used to rehydrate on boot.
+export function listSessions() {
+  ensureRoot();
+  let names;
+  try { names = fs.readdirSync(ROOT); } catch { return []; }
+  const out = [];
+  for (const name of names) {
+    if (!name.endsWith(".json")) continue;
+    const sid = name.slice(0, -5);
+    if (isValidSessionId(sid)) out.push(sid);
+  }
+  return out;
+}
diff --git a/src/widget.js b/src/widget.js
index a8fafc8..f57b873 100644
--- a/src/widget.js
+++ b/src/widget.js
@@ -21,9 +21,37 @@
   let shadowRoot = null;    // Shadow DOM root for style isolation
 
   // Configuration
-  const WS_URL = '__WEBSOCKET_URL__'; // Injected by server
-  const WIDGET_VERSION = '__WIDGET_VERSION__'; // Injected by server
+  // Base WS URL is injected at serve time; the session is read from the
+  // <script src=...?session=...> tag at runtime, so a cached bundle can
+  // never carry a stale session ID (fix for #46).
+  const WS_BASE_URL = '__WEBSOCKET_BASE_URL__';
+  const WIDGET_VERSION = '__WIDGET_VERSION__';
   const WIDGET_ID = 'claude-feedback-widget';
+
+  // UUID format used by deriveSessionId on the server
+  const SESSION_ID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+
+  function resolveSessionFromScript() {
+    const candidates = [];
+    if (document.currentScript && document.currentScript.src) {
+      candidates.push(document.currentScript.src);
+    }
+    const tagged = document.getElementById('claude-feedback-widget-script');
+    if (tagged && tagged.src) candidates.push(tagged.src);
+    for (const src of candidates) {
+      try {
+        const u = new URL(src, location.href);
+        const s = u.searchParams.get('session');
+        if (s && SESSION_ID_RE.test(s)) return s;
+      } catch (_) { /* fall through */ }
+    }
+    return null;
+  }
+
+  let currentSessionId = resolveSessionFromScript();
+  function buildWsUrl(sessionId) {
+    return sessionId ? `${WS_BASE_URL}?session=${sessionId}` : WS_BASE_URL;
+  }
   
   // State
   let ws = null;
@@ -945,10 +973,10 @@
     if (typeof html2canvas !== 'undefined') return Promise.resolve();
     if (html2canvasPromise) return html2canvasPromise;
 
-    // Derive HTTP URL from WS_URL (same host/port)
+    // Derive HTTP URL from the WS base (same host/port)
     let baseUrl;
     try {
-      const wsUrl = new URL(WS_URL);
+      const wsUrl = new URL(WS_BASE_URL);
       baseUrl = `http://${wsUrl.host}`;
     } catch {
       baseUrl = `http://localhost:9877`;
@@ -1024,7 +1052,7 @@
 
   function connectWebSocket() {
     try {
-      ws = new WebSocket(WS_URL);
+      ws = new WebSocket(buildWsUrl(currentSessionId));
       
       ws.onopen = () => {
         isConnected = true;
@@ -1203,6 +1231,27 @@
       if (message.duplicateWarning) {
         console.warn('[Claude Feedback]', message.duplicateWarning);
       }
+      if (message.rebound && message.sessionId) {
+        // Server rebound us to a live session because our cached session ID
+        // was stale. Adopt the new ID so subsequent reconnects use it directly.
+        console.warn(`[Claude Feedback] Session rebound: ${message.rebound.from} -> ${message.rebound.to}`);
+        currentSessionId = message.sessionId;
+      }
+    } else if (message.type === 'session_invalid') {
+      // The server doesn't recognize our session ID and can't auto-rebind.
+      // Try a fresh read from the script tag (extension may have refreshed it);
+      // if it's still stale, prompt the user to reload.
+      const fresh = resolveSessionFromScript();
+      if (fresh && fresh !== currentSessionId) {
+        console.warn(`[Claude Feedback] Session refreshed from script src: ${currentSessionId} -> ${fresh}`);
+        currentSessionId = fresh;
+        // The current socket was closed by the server. Reconnect with the new ID.
+        if (_wsReconnectTimeout) clearTimeout(_wsReconnectTimeout);
+        _wsReconnectTimeout = setTimeout(connectWebSocket, 100);
+      } else {
+        console.warn('[Claude Feedback] Session invalid:', message);
+        showSessionInvalidBanner(message);
+      }
     } else if (message.type === 'pending_status') {
       // Update pending items from server
       pendingItems = message.items || [];
@@ -1755,6 +1804,37 @@
     console.log('[Claude Feedback]', message);
   }
 
+  // Visible banner shown when the server tells us our session ID is stale and
+  // we can't recover automatically. Lives directly on document.body (not the
+  // shadow root) so it survives even if the widget host is torn down.
+  function showSessionInvalidBanner(message) {
+    const existing = document.getElementById('claude-feedback-session-invalid');
+    if (existing) return;
+    const banner = document.createElement('div');
+    banner.id = 'claude-feedback-session-invalid';
+    banner.style.cssText = [
+      'position:fixed', 'top:0', 'left:0', 'right:0', 'z-index:2147483647',
+      'background:#b91c1c', 'color:#fff', 'padding:10px 16px',
+      'font:14px/1.4 -apple-system,system-ui,sans-serif',
+      'box-shadow:0 2px 8px rgba(0,0,0,.2)', 'display:flex',
+      'align-items:center', 'justify-content:space-between', 'gap:12px',
+    ].join(';');
+    const text = document.createElement('span');
+    text.textContent = (message && message.reason)
+      || 'Claude feedback widget: session changed. Reload the page to reconnect.';
+    const reload = document.createElement('button');
+    reload.textContent = 'Reload';
+    reload.style.cssText = 'background:#fff;color:#b91c1c;border:0;border-radius:4px;padding:6px 12px;font-weight:600;cursor:pointer';
+    reload.addEventListener('click', () => location.reload());
+    const dismiss = document.createElement('button');
+    dismiss.textContent = '✕';
+    dismiss.setAttribute('aria-label', 'Dismiss');
+    dismiss.style.cssText = 'background:transparent;color:#fff;border:0;font-size:18px;cursor:pointer;padding:0 4px';
+    dismiss.addEventListener('click', () => banner.remove());
+    banner.append(text, reload, dismiss);
+    document.body.appendChild(banner);
+  }
+
   // ============================================
   // Self-Healing: detect DOM removal and re-inject
   // ============================================
diff --git a/tests/http-endpoints.test.js b/tests/http-endpoints.test.js
index da96c51..1d76a0d 100644
--- a/tests/http-endpoints.test.js
+++ b/tests/http-endpoints.test.js
@@ -257,21 +257,43 @@ function connectWs(sessionId) {
   });
 }
 
+async function registerSession(sessionId, opts = {}) {
+  await fetch(`${BASE_URL}/register-session`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      sessionId,
+      processId: opts.processId || `proc-${sessionId.slice(0, 8)}`,
+      projectDir: opts.projectDir || `/tmp/ws-test-${sessionId}`,
+    }),
+  });
+}
+async function unregisterSession(sessionId, processId) {
+  await fetch(`${BASE_URL}/unregister-session`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ sessionId, processId: processId || `proc-${sessionId.slice(0, 8)}` }),
+  });
+}
+
 describe('WebSocket session routing', () => {
-  it('client with ?session=<uuid> registers in correct session bucket', async () => {
+  it('client with registered ?session=<uuid> stays in its bucket', async () => {
     const sessionId = crypto.randomUUID();
+    await registerSession(sessionId);
     const { ws, msg } = await connectWs(sessionId);
 
     try {
       expect(msg.type).toBe('connected');
       expect(msg.sessionId).toBe(sessionId);
       expect(msg.sessionWarning).toBeUndefined();
+      expect(msg.rebound).toBeUndefined();
 
       const resp = await fetch(`${BASE_URL}/status?session=${sessionId}`);
       const data = await resp.json();
       expect(data.connectedClients).toBe(1);
     } finally {
       ws.close();
+      await unregisterSession(sessionId);
     }
   });
 
@@ -293,6 +315,51 @@ describe('WebSocket session routing', () => {
     }
   });
 
+  it('client with stale session ID is rebound when exactly one session is registered', async () => {
+    // Real-world scenario: server has its own session registered (the
+    // spawned test server). A stale cached widget connects with an unknown
+    // UUID; the server should rebind it to the live session (Layer 2 of #46).
+    const staleId = crypto.randomUUID();
+
+    // Ensure only the server's own session is registered. (Other tests
+    // clean up after themselves; we just observe how many sessions exist.)
+    const sessionsResp = await fetch(`${BASE_URL}/sessions`);
+    const sessionsData = await sessionsResp.json();
+    expect(sessionsData.sessions.length).toBe(1);
+    const liveSession = sessionsData.sessions[0].sessionId;
+
+    const { ws, msg } = await connectWs(staleId);
+    try {
+      expect(msg.type).toBe('connected');
+      expect(msg.sessionId).toBe(liveSession);
+      expect(msg.rebound).toEqual({ from: staleId, to: liveSession });
+    } finally {
+      ws.close();
+    }
+  });
+
+  it('client with unknown session is rejected when multiple sessions registered', async () => {
+    const sessionA = crypto.randomUUID();
+    const sessionB = crypto.randomUUID();
+    await registerSession(sessionA, { projectDir: '/tmp/multi-a' });
+    await registerSession(sessionB, { projectDir: '/tmp/multi-b' });
+
+    const staleId = crypto.randomUUID();
+    try {
+      const { ws, msg } = await connectWs(staleId);
+      try {
+        expect(msg.type).toBe('session_invalid');
+        expect(msg.providedSession).toBe(staleId);
+        expect(msg.knownSessions).toEqual(expect.arrayContaining([sessionA, sessionB]));
+      } finally {
+        ws.close();
+      }
+    } finally {
+      await unregisterSession(sessionA);
+      await unregisterSession(sessionB);
+    }
+  });
+
   it('client reconnecting after session migration lands in correct bucket', async () => {
     // Register session A with a projectDir, connect a WS client, submit feedback
     const sessionA = crypto.randomUUID();
@@ -354,6 +421,7 @@ describe('WebSocket session routing', () => {
 
   it('second client on same session triggers duplicate warning', async () => {
     const sessionId = crypto.randomUUID();
+    await registerSession(sessionId);
     const { ws: ws1, msg: msg1 } = await connectWs(sessionId);
 
     try {
@@ -374,6 +442,25 @@ describe('WebSocket session routing', () => {
       }
     } finally {
       ws1.close();
+      await unregisterSession(sessionId);
     }
   });
 });
+
+// ============================================
+// Orphan bucket reporting (Layer 4 of #46)
+// ============================================
+
+describe('orphan bucket reporting', () => {
+  it('GET /status exposes orphanSessions field', async () => {
+    const resp = await fetch(`${BASE_URL}/status`);
+    const data = await resp.json();
+    expect(Array.isArray(data.orphanSessions)).toBe(true);
+  });
+
+  it('GET /feedback exposes orphans field', async () => {
+    const resp = await fetch(`${BASE_URL}/feedback?session=${crypto.randomUUID()}`);
+    const data = await resp.json();
+    expect(Array.isArray(data.orphans)).toBe(true);
+  });
+});
diff --git a/tests/storage.test.js b/tests/storage.test.js
new file mode 100644
index 0000000..419014f
--- /dev/null
+++ b/tests/storage.test.js
@@ -0,0 +1,90 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import fs from 'fs';
+import path from 'path';
+import * as storage from '../src/storage.js';
+import { deriveSessionId } from '../src/utils.js';
+
+function makeSessionId(seed) {
+  return deriveSessionId(`/tmp/storage-test-${seed}-${Date.now()}-${Math.random()}`);
+}
+
+// Storage writes are debounced (50ms). Tests need to wait past that window
+// before checking disk.
+function flushDelay() {
+  return new Promise(r => setTimeout(r, 80));
+}
+
+describe('storage', () => {
+  // Each test uses a unique session ID so they don't collide on the shared
+  // tmpdir directory.
+  let sid;
+
+  beforeEach(() => {
+    sid = makeSessionId('case');
+  });
+
+  afterEach(() => {
+    storage.remove(sid);
+  });
+
+  it('returns empty arrays for an unknown session', () => {
+    const data = storage.load(sid);
+    expect(data).toEqual({ pending: [], ready: [] });
+  });
+
+  it('persists pending and ready arrays across load', async () => {
+    storage.save(sid, {
+      pending: [{ id: 'p1', description: 'first' }],
+      ready: [{ id: 'r1', description: 'ready item' }],
+    });
+    await flushDelay();
+    const loaded = storage.load(sid);
+    expect(loaded.pending).toEqual([{ id: 'p1', description: 'first' }]);
+    expect(loaded.ready).toEqual([{ id: 'r1', description: 'ready item' }]);
+  });
+
+  it('coalesces rapid saves via debounce', async () => {
+    storage.save(sid, { pending: [{ id: 'a' }], ready: [] });
+    storage.save(sid, { pending: [{ id: 'a' }, { id: 'b' }], ready: [] });
+    storage.save(sid, { pending: [{ id: 'a' }, { id: 'b' }, { id: 'c' }], ready: [] });
+    await flushDelay();
+    const loaded = storage.load(sid);
+    expect(loaded.pending.map(i => i.id)).toEqual(['a', 'b', 'c']);
+  });
+
+  it('flush forces an immediate write', () => {
+    storage.save(sid, { pending: [{ id: 'sync' }], ready: [] });
+    storage.flush(sid);
+    const loaded = storage.load(sid);
+    expect(loaded.pending).toEqual([{ id: 'sync' }]);
+  });
+
+  it('remove deletes the file', async () => {
+    storage.save(sid, { pending: [{ id: 'x' }], ready: [] });
+    await flushDelay();
+    storage.remove(sid);
+    const loaded = storage.load(sid);
+    expect(loaded).toEqual({ pending: [], ready: [] });
+  });
+
+  it('listSessions enumerates persisted sessions', async () => {
+    const sidA = makeSessionId('a');
+    const sidB = makeSessionId('b');
+    try {
+      storage.save(sidA, { pending: [{ id: 'pa' }], ready: [] });
+      storage.save(sidB, { pending: [], ready: [{ id: 'rb' }] });
+      await flushDelay();
+      const list = storage.listSessions();
+      expect(list).toEqual(expect.arrayContaining([sidA, sidB]));
+    } finally {
+      storage.remove(sidA);
+      storage.remove(sidB);
+    }
+  });
+
+  it('rejects writes for malformed session IDs', () => {
+    storage.save('not-a-uuid', { pending: [{ id: 'x' }], ready: [] });
+    storage.flush('not-a-uuid');
+    expect(fs.existsSync(path.join(storage.getStorageDir(), 'not-a-uuid.json'))).toBe(false);
+  });
+});