Flash Cookies explained

Flash cookies are a new way of tracing your movement on the Internet and storing lots of information about you. Their official term is Local Shared Objects (LSOs) and their primary purpose is not to track you, but to provide Flash applications with options to save data to the local system.

This can be useful when you play games, as it is one way to save your progress. But since there is no distinction between good and bad uses, many companies have started to use Flash to save persistent information on the user system as an alternative to third-party HTTP cookies.

One major disadvantage of flash cookies is that you can't locate them in your browser easily. They are not shown in the list of cookies which you can access if you open the cookie manager of the browser, nor do they appear in databases or other browser-specific storage locations.

Normal HTTP cookies can't save more than 4 Kilobyte of data while Flash cookies can save up to 100 Kilobyte by default. If you want to try out how they work you could do the following.

Go to YouTube, increase or decrease the volume of a video and delete all cookies afterwards. You will notice that the volume level is still at the same level when you close your browser and open it again.

This is done with so called Local Shared Objects, better known as Flash cookies. The main question is of course how a computer can be checked for Flash cookies and how you can delete these cookies on your system to reduce the exposure to tracking.

This is actually a very tricky thing. I was looking for a way to check them on my computer but could not find one.

After several hours of research I found information on the Adobe Flash Player website that helped me figure it out. You need to open an online page on the Adobe Website, the Adobe Flash Player Settings Manager to be precise, to manage and delete Flash cookies on your system.

flash cookies

The so called Settings Manager can be accessed from the Adobe website but is running locally on your computer. The Website Storage Settings display all Flash cookies that are currently saved on your computer.

You can delete flash cookies from individual sites or all at once. It is also possible to increase or decrease the Kilobyte size of all information that are stored on your computer.

Adobe does not have access to the settings that you see in the Settings Manager or to personal information on your computer.

flash cookies explained

No Flash Cookies will be saved if you go into Global Storage Settings and disable the option "Allow third-party Flash content to store data on your computer".

47 websites did store Flash cookies on my computer and I decided to delete all of them and disable the feature to be on the safe site. Did you know about Flash cookies ? How many did you find on your pc?

Update: The most recent Flash versions, at least on Windows, make available the settings manager locally as well. Open the Windows Control Panel and locate Flash there. When you open the applet, you see the storage settings right away.

Here you can click on delete all to remove all information from your computer, or open the local storage settings by site menu to get a list of all websites that use the storage.

flash player settings manager

Not all use the storage to save cookies though, and you may want to go through the list to avoid deleting data that you may need in the future.

Switch to the advanced tab afterwards. Here you find another option to delete all browsing data and settings on the computer.

Please share this article


Responses to Flash Cookies explained

  1. Me May 4, 2007 at 10:08 pm #

    Even more funny is when Flash makes the webcam and the microphone send everything you do in front of your screen. It is worth to learn what Adobe Flash can do and how to parameter it.

  2. Techie Buzz May 5, 2007 at 2:57 am #

    Great tip Martin. Good to know what browsers can do on your local machines.

  3. Litschi May 5, 2007 at 7:11 am #

    have a look in

    dir "%appdata%\macromedia\flash player\#sharedobjects"

  4. Vlad May 5, 2007 at 8:43 am #

    This is the first time I hear about this, and it is a very disturbing info!
    Thank you for an excellent post!!!

  5. Litschi May 5, 2007 at 12:22 pm #

    I've made a Quick-and-dirty Flash-Cookie-Killer after reading this post. Feel free to use it :-)
    Download (15.388 Bytes) : http://dropster.org/3lob8czc063f/fck_0_5_0.zip

  6. Vijeesh May 5, 2007 at 2:23 pm #

    Hi Martin,

    Flash Cookies are stored in directories depending on the OS.

    In Windows it is in,
    [Root drive]:\Documents and Settings\[username]\Application Data\Macromedia\Flash Player\#SharedObjects\

    where [Root drive] is the drive on which the OS is installed and [username] may vary for all users.

    I usually delete everything I find in the above dir.
    Flash Cookies are files with a .SOL extension.

    For non-Windows users,

    Macintosh OSX /Users/[username]/Library/Preferences/Macromedia/Flash Player

    GNU-Linux ~/.macromedia

    Tech Xpress

  7. Dante May 5, 2007 at 3:53 pm #

    Thanks for this info. I wasn't aware of this bit of spyware. To those of you who wish to have control over deleting this junk, write the following batch file in NotePad and put it into the [All Programs] [StartUp] tab of your Windows [Start] button:

    del /f C:\Documents and Settings\[your user directory here]\Application Data\Macromedia\Flash Player

    This delete batch file will run everytime your Windows boots up.

    Note I'm suggesting deleting the entire Flash Player directory, not just the \Flash Player\#SharedObjects sudirectory, as I have found some info also stored in the \Flash Player\macromedia.com\support\flashplayer\sys subdirectory.

  8. Jamie May 5, 2007 at 8:06 pm #

    Flash cookies are nothing new. Local Shared Objects have been around since at least Flash 6. I have use LSO's for a long time. They have been used to keep track of local high scores in flash based games and MANY other tasks. So you need to make a correction, and withdraw it being new. Unless you are consider 3+ year technology new.

  9. Martin May 5, 2007 at 8:53 pm #

    Jamie they are probably not new but relatively unknown to many users on the Internet.

  10. Dante May 6, 2007 at 2:44 pm #

    They were certainly unknown to me. Now that I found out, I now trust Adobe/Macromedia as much as I trust Sony and it's rootkits -- NOT!

  11. Litschi May 7, 2007 at 6:28 am #

    Thanks a lot for the great feedback. I've implemented your most wishes in this update.

  12. Vivek May 7, 2007 at 1:18 pm #

    Excellent Post!!

    I knew about separate type of cookies for flash but didn't know that they can be accessed only from a macromedia.com page. Very informative post.

  13. James June 23, 2007 at 9:11 am #

    Copies of these LSO's files persist even after you think remove them using the nonintuitive & hidden Adobe control panel. Check \Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys after deleting the LSO's.

    I think Adobe intentionally tries to deflect privacy concerns about these LSO files by putting the settings related to them on multiple different tabs, and referring to them as "storage" settings rather than "security" or "privacy" settings, as cookies are in most web browsers.

  14. Levi Blackman October 19, 2007 at 6:46 pm #

    Flash wouldn't work very well without these little helpers. Most of the applications you use have to use these files for basic function. You can be on the safe side and delete these files if you wish, but really, you need to stop entering personal information into flash forms anyways. Thats the only way any data like that would be written on to your computer.

    Kinda creepy you guys are so paranoid...YouTube, Myspace, all that jazz, are social networks. Anything you put out their, and anything you watch is up for grabs. Youtube get it...its TV all about you.

  15. Jesse November 17, 2007 at 11:51 pm #

    I agree with Levi. The only difference between Flash cookies at browser cookies is size. So what if Flash cookies can be bigger? You can easily store all your most sensitive information in the a 4K browser cookie, so it's really about the same "security risk". In fact it's possible from Flash to exchange cookies with the browser anyway!

    As Levi said, just make sure you trust the site presenting a form for you to type personal information into. Given to the wrong party, it can be abused no matter what kind of cookie is used. Surf safe!

  16. Jeroen January 11, 2008 at 3:41 pm #

    Hey gHacks, do you know if it's possible to read / view the contents of these flash cookies? Thx a lot!

  17. Frankie Magic March 12, 2008 at 10:23 pm #

    Thanks for this important info. When I located the folder that stored the cookies, I found that there were loads of them. All put there to spy on me. Disgusting. They should be exposed for this covert spying.

  18. CT March 27, 2008 at 4:31 am #

    Actually, even doing that isn't enough. I followed the steps outlined above and am currently running macromedia's flash under linux and it continues to save stuff to my computer. Granted, it's no longer doing so under the SharedObjects folder, it's still allowing stuff to be saved to the /support/flashplayer/sys/, even though I additionally set the storage space to nil. Don't worry, I'm sure Adobe is SUPER concerned about your privacy. :rolleyes:

  19. green_machine September 5, 2008 at 9:11 pm #

    What's creepy is the notion that anyone can fairly easily access almost any webcam etc, using a simple webpage. I don't have a webcam but I wouldn't say that for everyone who does it then means they want anyone to be able to watch them.
    I have windows on my house too - they aren't there for other people to look into.
    I certainly don't want any trackable or identifiable data being saved on my machine, especially if I can't easily delete it and control the settings.

    Thanks for this, it seems to work going by what I checked. Deleted the cookies, revisited a site I was using - it didn't remember me having been there, when I was previously being logged in. That is using Puppy linux.

  20. Moe D. October 1, 2008 at 6:12 am #

    The easiest way I've found to locate and clean up these cookies is just Start Button/Search *.sol and there they are. Just delete the ones you don't like.

  21. bart October 7, 2008 at 11:43 pm #

    FYI here is what I did:
    within the sol-files you will find other settings that you may want to keep (privacy-settings e.g.), so:

    edit the sol-file (free editor 4win: http://sourceforge.net/projects/soleditor/),

    then copy the edited file to another directory.
    write/have s'one write a batch-script:

    - to erase the content of the directory containing the original sol-file,
    - then find the Flash/#SharedObjects Directory and set the batch-script to erase this directory, or its contents.
    - tell the script to *copy* the backed up (edited) sol-file to its original location.
    - make the batch-script start at system start or browser shutdown, whatever you prefer.

    Please be aware that you will loose e.g. game-settings for flash-games you play online or the like.


  22. Maxatwo October 11, 2008 at 1:26 pm #

    You might be interested in MAXA Cookie Manager, a software that can manage Flash cookies togerther with conventional cooies of all major browsers.
    A lite-version is available for free on http://www.maxa-tools.com/cookie.php?lang=en

  23. Alex November 7, 2008 at 6:12 am #

    thank you! i had a ton of data and none was important

  24. L Court December 20, 2008 at 12:35 pm #

    Thanks for this great info - I had no idea about these cookies, which seem to be a lot more powerful and intrusive than 'normal' cookies.

    I've now accessed the Setttings Manager and done what's necessary :-)

  25. Ron February 15, 2009 at 4:03 pm #

    Are LSO/flash cookies shared between browsers?

  26. maxatwo February 15, 2009 at 7:10 pm #

    Yes they are, all browsers using the flash plugin share the data.

  27. tom February 17, 2009 at 12:24 am #

    I've found all of the suggested .bat files to be rather error prone. My best solution was to go to the Documents and SettingsUSERIDApplication DataMacromediaFlash Player folder and remove write privileges on this directory. I don't want any site writing data to track me. These damn flash objects are shared between sites. So your Bank of American FSOs can be taken off of your PC by another site you visit.

    No more FSOs...

  28. to: tom March 13, 2009 at 12:47 pm #

    tom wrote: "These damn flash objects are shared between sites."

    You are totally wrong here!

    Flash cookies are _not_ shared across domains.

  29. Kiki March 18, 2009 at 7:43 pm #

    I have been in the belly of the beast. This is long-winded...

    About 10 years ago, I worked for a company that developed e-marketing software. To marketing companies, the Internet represents a literal "gold mine" (money, money, money) of user information unlike anything they had seen in the past (such as in the pre-Internet days). Marketers "own" YOUR data, own YOUR e-mail address, and anything you do, and anywhere you go on the Web. And marketers have their reasons NOT to be upfront and honest about their numerous tracking habits.

    Even 10 years ago, marketers were concerned about people who dumped or blocked their browser cookies, so they developed alternate means to cookie tracking. Through the extremely popular use of JavaScript (and I know that developers love JS), marketers have found alternate methods maintaining other means of protecting their gold mine of marketing research data from users, without their direct express knowledge or consent.

    Companies' privacy policies might tell you about how they use traditional browser cookies (and often quite truthfully), but notice how they don't tell you about their alternate use of LSO Flash cookies or DOM Storage Objects!

    Like politicians and attorneys, marketers are masters at double-speak. That is how and why the Direct Marketing Association (DMA) issues "anti-spam" press releases, but yet conveniently grope to redefine what spam is and isn't to suit their members, who are MARKETERS. I know. I have attended DMA conferences.

    You know the "Do no evil" edict by a well-known and popular Web search company? That's another example of double-speak. They own doubleclick, which has a long-winded disgusting reputation "to serve their clients".

  30. Tim hughes April 11, 2009 at 9:41 pm #

    CCleaner an excellent privacy keeper /cleaner tool , allows you to clean these automatically or at will:


  31. Peter Koning April 20, 2009 at 7:40 pm #

    Flash cookies are also used in ecommerce/affiliate marketing because so many people are paranoid about cookies that they delete them, which means that if an affiliate referred a customer for a merchant, that affiliate won't get the credit if the merchant's affiliate tracking system relies just on cookies.

    Some affiliate tracking systems go further and check ip address, but with mobile growing and dsl switching ip addresses, ip tracking is not so reliable as a backup to cookies. Flash cookies ensure that more affiliates get credit for referred sales, which results in more motivated affiliates and more happy merchants.

    There are just a few affiliate tracking systems that support flash cookies, and super affiliates are demanding this feature more and more as they realize that some merchants are not giving them the credit for sales they sent them, because the cookies were deleted by some paranoid shopper.

    Sure this tracking method can be used in bad ways by some sites, but that's nothing new and there's many worse scenarios with js injection and drive by viruses on sites you visit.

    If you have a problem with it then turn it off.

    But then you ALSO need to consider the increased hassle you are making for yourself by having to re-enter data for sites like Google, YouTube, Flickr, Twitter and other respectable sites that use flash cookie tracking too. You can't have it both ways.

  32. maxatwo April 21, 2009 at 7:37 am #

    Hello Peter,

    you are completely right with everything you say, except:
    "But then you ALSO need to consider the increased hassle you are making for yourself by having to re-enter data for sites like Google, YouTube, Flickr, Twitter and other respectable sites that use flash cookie tracking too. You can't have it both ways."

    If you are using a sophisticated Cookie Manager like MAXA Cookie Manager, you can specify which cookies you want to keep (whitelist) and which ones you want to immediately delete or block (blacklist). As it support flash cookies togerther with all conventional variants of cookies, you can have it both ways indeed, using MAXA Cookie Manager:

  33. Anonymous April 27, 2009 at 11:51 am #

    Still, these Flash Cookies are quite usefull for me as a game developer. So there not all that evil. Otherwise u wont actualy be able to save your game (unles u want to use a SQL server).

  34. 探客 May 5, 2009 at 7:00 am #

    flash cookies URL?

  35. Dan May 9, 2009 at 6:38 pm #

    If Macromedia/Adobe's intentions were honorable, then they would have made it possible for the user to manage these cookies.

    Guess this is one of the reasons God created FlashBlocker?

  36. flashblock June 13, 2009 at 2:38 pm #

    @#$^&@!! @$#$%^ adobe

  37. stirner June 17, 2009 at 2:53 pm #

    On linux:

    rm -R /home/user/.macromedia
    ln -s /dev/null /home/user/.macromedia


  38. DX July 22, 2009 at 3:06 am #

    I found 546 flash cookies on my site, some recent activity on my machine has prompted to find changes on my machine. Apparently there is some capacity for malicious behavior with these cookies, phishing and such. My mac is not safe any longer. waugh!
    Thanks for the info.

  39. Hisself July 29, 2009 at 8:58 pm #

    There's a reason for Flashblock, and it's fuckwittery like this (not the article, which is excellent, Adobe's behaviour).

  40. latecomer August 11, 2009 at 8:44 pm #

    in some cases flash cookies are urgently required.

    For example, one of my favorite sites uses flash extensively in delivering content. I have to accept their cookies or their site won't store my preferences and my experience there would be severely adversely limited.

    Not all flash cookies are the devil.

    But, its great to now have some control over them. Thanks for the referral to that site.

  41. Bill August 12, 2009 at 6:05 pm #

    Thats it! no more inter webs for me! lol

  42. Radford Rigsby August 15, 2009 at 2:30 am #

    Excellent summary re flash cookies. Thanks


  43. Moose August 16, 2009 at 6:40 pm #

    Haha paranoid! All your clicks and visits on the web are being monitored anyways, ip's, location, time stored. It's a public space. I bet you scared victorians found some porn links in your .sol folder; what's wrong with that; your not the only one watching xtube.

  44. my ip is recorded, i'm not anonymous September 23, 2009 at 10:01 am #

    It is not necessary to use cookies in order to save temporary information required for whatever is needed.
    The point is that they don't want you to have the CONTROL of the amount of personal information you deliver and leave viewable for ANYONE every time you are surfing the net.
    Just think why didn't they implemented that Adobe Control Panel and you only have access through the web (and its unknown still today). And this panel doesn't remove all the information just part of it.

  45. being watched April 6, 2010 at 7:58 pm #

    "Not all flash cookies are the devil."

    No it's just that most of mine are 1k in size and i also know eBay is placing script on pages all over the internet just to get the referer string so they know each time you log on to get your email even after you have removed cookies and deleted history.

  46. Matej Svajger April 20, 2010 at 11:23 am #

    I see all the negative posts here about flash and it's local shared objects and I have to wonder why are you so afraid of privacy.

    What I mean to say is, if you're on the internet, nothing is private. BigBrother is watching you on so many levels you can't even imagine.

    Now flash can bring you great content and local shared objects are handy for storing information to make the best out of user experience on a flash website.

    Now how developers and corporations decide to use them is another thing. Technologies are out there and if it's not 'flash cookies' it's something else they will use. And yes it's for keeping track of your preferences and things you like, but mostly the reason is to serve you relevant content and save your time.

    So ,if anyone has a problem with privacy on the internet, they might as well uninstall their browser.

  47. eBuster May 6, 2010 at 4:51 pm #

    Nice to see you not only show the problom but also the solution.

    if we stopped Google/YouTube eBay and double click plus bill gates spying on us then the internet would work twice as fast.

    i'm not ebays best freind at all but shock, horror when i found they had scripts running in my freemail page and flash cookies on my machine.

    To date i know of six ways we are being tracked and i bet thats not hal of them and it's time we had a replacment for FF who is taking money from Google and can no longer be trusted.

  48. Poopie Cookie May 13, 2010 at 7:47 pm #

    I've noticed some flash cookies that survived many reformats,
    most of which were on machines before I got them, but some of
    which don't even have the same hard drive. I wonder where they
    are being stored, maybe refreshed from a database with MAC addresses?

  49. Daisy707 August 19, 2010 at 8:01 am #

    Overuse of "so called" (snort)

  50. KV August 20, 2010 at 12:26 am #

    I really think Adobe should be dumped from all computers. They are devious and Steve Jobs has the right attitude. No f-ing with my machine.

  51. NORAD August 25, 2010 at 5:40 pm #

    Adobe has also failed to mention that once you have made all of the modifications on their site (cleaning out LSO's and checking the settings to prevent future cookies), are all instantly undone as soon as you run any standard cookie cleaning program on your computer. Their "protective" cookie gets washed away leaving you right back where you were before, eliminating all of your efforts to enhance privacy.
    Design flaw? I doubt it.

  52. Erik Stone September 28, 2010 at 7:08 am #

    Wow. The bastards haven't said anything about those cookies and "The Media" doesn't say much of anything about them either.

  53. mannyalbite October 12, 2010 at 9:24 pm #

    This is all true but there is an easy way to remove this cookies use fire fox and go to this free addon it works the first time i installed it it remove more than 600 flash cookies and it remove then every time you closed your browser now is usually abot 1 to 7 depends were i browse and is free go here https://addons.mozilla.org/en-US/firefox/addon/6623/but you have to use fire fox I like fire fox but if i dont want to use fire fox just installed it and it will remove your flash cookies from any browser you used good luck a friend

  54. Dwight Stegall October 29, 2010 at 2:59 pm #

    Flash Cookies are not evil if you know how to control them. I have uninstalled Opera and Safari for Microsoft Windows computers because they don't allow you to do the following.

    View my post here.


  55. Jim November 11, 2010 at 4:20 am #

    This is something new -- finally a Firefox addon that gives you real control over tracking companies (including Flash cookies), without messing up cookies for other purposes or blocking ads entirely. The list of companies covered is amazing.

  56. Microsoft Lifecam January 26, 2011 at 5:40 am #

    Well thanks to your post now i have more control of my Cookies, sometimes is good to delete all them for safety.

  57. George April 7, 2011 at 8:24 pm #

    You can delete all "flash cookies" in your computer (when you close your browser window) by installing a free browser plug-in called Taco Abine. I use it with my Linux system and sometimes it deletes as many as 80 flash cookies at a time. I LOVE IT!

  58. Barbara May 15, 2011 at 5:39 pm #

    I am an Independent Researcher for Law Firms. I am currently researching the Flash cookie tracking via PayPal/eBay and was wondering if you could help me. I know they are tracking with all the lastest research reports that have came out via Wall Street Journals article "What They Know" and other Berkley Studies but explaing how the 3rd parties such as but not limited to ShareThis, LivePerson, MarkMonitor,etc.....
    Below is a sample of LSO cookie from PayPal therefore your input on what you see would be helpful.

    http://www.paypal.com paypalLSO.sol 10/21/2009 11:36:53 AM 10/21/2009 11:37:01 AM 111 C:\Documents and Settings\Owner.name [redacted]\Application Data\Macromedia\Flash Player\#SharedObjects\name [redacted]\www.paypal.com\paypalLSO.sol
    http://www.paypal.com ppLsoTest.sol 10/21/2009 11:35:06 AM 10/21/2009 11:35:06 AM 48 C:\Documents and Settings\Owner.name [redacted]\Application Data\Macromedia\Flash Player\#SharedObjects\name [redacted]\www.paypal.com\ppLsoTest.sol
    http://www.paypalobjects.com paypalLSO.sol 8/10/2010 8:26:47 PM 8/10/2010 8:26:55 PM 111 C:\Documents and Settings\Owner.name [redacted]\Application Data\Macromedia\Flash Player\#SharedObjects\name [redacted]\www.paypalobjects.com\paypalLSO.sol
    http://www.paypalobjects.com ppLsoTest.sol 7/20/2010 5:43:51 AM 7/20/2010 5:43:51 AM 48 C:\Documents and Settings\Owner.name [redacted]\Application Data\Macromedia\Flash Player\#SharedObjects\name [redacted]\www.paypalobjects.com\ppLsoTest.sol

    • Barbara May 15, 2011 at 5:40 pm #

      Thank you for any assistance you can provide.


      • Bill August 21, 2011 at 7:18 pm #

        Hi Barbara. I've been a Paypal user for years. I have never seen any LSOs on my two computers. I routinely screen for *.sol and also use the Adobe Flash Manager settings to insure that flash cookies do not get attached.

  59. Anonymous September 12, 2011 at 3:58 am #

    Run Abine.

  60. Pascal Roder May 17, 2012 at 10:45 am #

    Get this free tool

  61. peter February 2, 2013 at 10:25 pm #

    How many people could not give a website address that worked in this description. Could you please double check and test them first! What is the Firefox addon to control these cookies?

  62. peter February 2, 2013 at 10:37 pm #

    Firefox prevented the download of Better Privacy!?
    So what's the best solution here?

  63. peter February 2, 2013 at 11:07 pm #

    Anyone try CS Lite?
    Allows you control over cookies from your toolbar.

  64. Bill, Edmonton Canada March 23, 2015 at 6:01 pm #

    A VERY helpful post, Martin! Thank you very much!!

  65. tittyhead August 15, 2016 at 3:10 am #

    I only see flash 32bit in control panel ,shouldn't there be flash64bit too ?
    Maybe I'm confusing it with adobe.

Leave a Reply