Thursday, October 16, 2008

SharedObjects - "Cookies" that Don't Go Away

Flash SharedObjects are an easy way to preserve application state on the client-side between sessions.

I have used them for Flash CD-ROM applications that need to persist data on the user's local machine and for Flash web applications that needed a "cheap local database".

But Flash SharedObjects pose a serious privacy problem if anyone else may have access to your computer.

Privacy Problem

The default Flash Player settings give 100KB of local data storage to any SWF from any web site or Flash application.

You might expect that, because Flash Player runs inside the web browser, telling the browser to clear its cache, cookies, or other private data would also remove the Flash Player SharedObject data, or at least the data added through that browser.

Unfortunately, that is not the case - Flash Player keeps all of your SharedObjects until you explicitly remove them.

See for yourself - on a Windows XP machine browse to this folder (Folder #1):

C:\Documents and Settings\<Your Username>\Application Data\Macromedia\Flash Player\#SharedObjects\<Random Letters and Numbers>\

You may be surprised to see that the folder is filled with the domain names of every web site you have ever visited that contained a Flash file that persisted some data.

There is also another folder that houses more SharedObject data (Folder #2):

C:\Documents and Settings\<Your Username>\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\


So how do you remove these SharedObjects and how do you prevent them from getting there in the first place?

Solutions

To remove your existing SharedObjects, follow these steps:
  1. Delete existing SharedObjects

    Go to the Website Storage Settings Panel of the Flash Player Settings Manager (yes, the manager is on a website, not within software). Move the slider down to "None".

    This removes all files from Folder #1 (above), but for some reason does not remove the files in Folder #2.

  2. Delete Contents of Folder #2

    Since the previous step did not empty Folder #2 (above), you need to manually delete the contents of that folder.

To prevent SharedObjects from being saved on your system in the future, you can do so globally for all web sites using the Global Storage Settings manager.

Or set your SharedObject storage settings on a site-by-site basis by doing this:
  1. Right-click on a visible Flash object in a web page.
  2. Click settings.
  3. Click on the tab with the "folder" icon - Local Storage.
  4. Use the slider to change the data limits for that particular web site.
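
To check that the removal steps above really emptied both folders, the following Python script (an added example, not code from the original post) inventories Folder #1 by site and lists whatever remains in Folder #2. The function names, the temporary test profile in demo() and its file names are constructed for illustration; the folder paths are the ones given above.

```python
import os
import tempfile
from pathlib import Path

# Relative paths taken from the post (Folder #1 and Folder #2).
FOLDER1 = Path("#SharedObjects")
FOLDER2 = Path("macromedia.com", "support", "flashplayer", "sys")

def default_root():
    """Flash Player data folder under the user's Application Data (%APPDATA%)."""
    return Path(os.environ.get("APPDATA", "")) / "Macromedia" / "Flash Player"

def _usage(top):
    """Return (file_count, total_bytes) for everything below `top`."""
    files = [p for p in top.rglob("*") if p.is_file()]
    return len(files), sum(p.stat().st_size for p in files)

def inventory(root):
    """Map 'folder1:<site>' / 'folder2:<entry>' to (file_count, total_bytes)."""
    root, found = Path(root), {}
    f1 = root / FOLDER1
    if f1.is_dir():
        # Folder #1 layout: #SharedObjects/<random letters and numbers>/<site>/...
        for rand_dir in (d for d in f1.iterdir() if d.is_dir()):
            for site in (d for d in rand_dir.iterdir() if d.is_dir()):
                found["folder1:" + site.name] = _usage(site)
    f2 = root / FOLDER2
    if f2.is_dir():
        for entry in f2.iterdir():
            found["folder2:" + entry.name] = _usage(entry) if entry.is_dir() else (1, entry.stat().st_size)
    return found

def demo():
    """Build a constructed profile in a temp dir and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        site = root / FOLDER1 / "ABCD1234" / "example.com" / "app.swf"
        site.mkdir(parents=True)
        (site / "state.sol").write_bytes(b"x" * 120)   # constructed data
        sys_dir = root / FOLDER2 / "#example.com"      # constructed entry name
        sys_dir.mkdir(parents=True)
        (sys_dir / "settings.sol").write_bytes(b"y" * 40)
        return inventory(root)

if __name__ == "__main__":
    for key, (count, size) in sorted(inventory(default_root()).items()):
        print(f"{key}: {count} file(s), {size} bytes")
```

An empty result after clearing your browser data and completing both removal steps means nothing was left behind; any remaining folder2 entries are the ones the Settings Manager slider did not remove.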
