Delete Flash Cookies

Martin Brinkmann
Jul 30, 2008
Updated • Mar 9, 2013
Firefox, Firefox add-ons

Flash Cookies, or Local Shared Objects, are stored on the user system by Macromedia Flash applications. They function a lot like cookies and can be used to store session information or save a game progress. The real problem that many users have with them is that they do not know that they exist because they are not stored in the same directory as the normal browser cookies.

Adobe is providing a website with options to change Flash Cookie behavior. Users can change the storage space - default 100K - or deny access to Flash Cookies to websites that they have already visited.

It's not a practical solution though. Objection on the other hand is a Firefox add-on that is giving access to the Flash Cookies right in the browser. It is not possible to change settings with the add-on but it provides an easy way to delete selected (or all) Flash Cookies.

The add-on provides an automatic search to find the location of the Local Shared Objects Folder on the system. It was not able to detect mine and I had to manually add it by browsing to the correct location. According to Wikipedia Flash Cookies are located in..

  • Windows: LSO files are stored typically with a ".SOL" extension, within each user's Application Data directory, under Macromedia\Flash Player\#SharedObjects.
  • Mac OS X: For Web sites, ~/Library/Preferences/Macromedia/Flash Player. For AIR Applications, ~/Library/Preferences/[package name (ID) of your app].
  • GNU-Linux: ~/.macromedia

All Flash Cookies stored on the system are displayed once the folder has been correctly identified. A click on a Flash Cookie displays its contents. The user has the option to delete selected Flash Cookies only or all of them in one go.

Update: Objection has not been updated in a long time. to make matters worse, it is also not listed on the Mozilla Add-ons repository. We suggest you use an extension like Better Privacy instead which can also handle Flash cookies in the browser.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Island Jon said on July 1, 2014 at 4:37 am

    Thanks Martin. I can actually see the .sol file get placed within the directory (watching directory in my file browser) when I click on some web links like Youtube which, as noted in GNU-Linux: ~/.macromedia In this case it WAS Perfectly right!!
    And yes, Firefox extension, Better Privacy does erase them as intended.

  2. simon said on October 3, 2011 at 2:54 pm

    how can i delete flash cookies directly from i.explorer ?

    1. Martin Brinkmann said on October 3, 2011 at 3:09 pm

      You can delete them from the Windows Control Panel. Locate Flash Player (32-bit) there.

  3. Tom said on May 8, 2011 at 9:20 pm

    “These cookies are NOT HARMLESS! They contain highly specific, personal info about your computer and your viewing habits.”

    Your kidding right?? Making such a blanket remark about ‘every’ flash cookie is more harmful than helpful. My site for example uses a flash cookie. On the home page intro, if you click on the ‘mute’ button to stop the music, it saves that so on your next visit, the sound is already off, and vice versa. Every time I have used regular or flash cookies, it has been for the convenience (and sometimes security) of the visitor. That can in no way be considered ‘harmful’, nor does it contain ANYTHING about your computer, and what is wrong with remembering ‘viewing habits’ (when used as a convenience for the visitor)??. The reason for this entry is because there are a LOT of sites out there that cause panic instead of teaching. A cookie that contains something like your userid (encoded of course), protects that visitor from someone else saying they are you. I think if more people knew just why they are used, they would not panic at the thought. If you want to block my little ‘mute’ cookie so the music plays everytime you hit my home page, fine. But, if you dont like the music every time, wouldn’t it be GREAT if you only had to hit the button once??? Programmers like myself had to switch to flash cookies because they do stay around a lot longer, and are harder to erase. I personally would never use a flash cookie, for that exact reason, for anything sensitive. I think each type of cookie has its own specific uses. Unfortunatly, there are a lot of programmers out there who do not give a d**m about the happiness of a sites visitors. Thanks for your time.

  4. shouldbeme said on October 20, 2010 at 11:05 pm

    Easy way is to create empty files named “adobe” and “macromedia” where the folders are stored on Windows or on *nix a simple:

    touch $HOME/.{adobe,macromedia}

    will do the job. Then Flash is unable to store any LSO’s. Still some sites like myvideo or dailymotion require them to be functional (flv’s won’t start without LSO’s) so instead of spending time to finding a way on how to delete LSO’s, spend the time and complain they use such evasive methods (dailymotion etc.)

  5. Karen said on September 22, 2010 at 4:33 am

    Secunia Personal Software Inspector always lists adobe flash, sunjave & provides patches. Does this get rid og the cookies?

  6. Bisclavret said on January 21, 2010 at 6:16 am

    The problem with LSOs is that by the time you discover and delete them, the damage has been done, especially if one or more of the LSOs collects personal information. There should be a way to stop the sites from putting them on the machine in the first place.

    Using Objection or BetterPrivacy, is like killing a rattlesnake after being bitten. It gets rid of the snake, but it doesn’t stop the venom already in your blood stream. As far as I know, Flashblock is the only Firefox add-on that comes close to dealing with the problem by blocking the Flash app from loading in the first place. BetterPrivacy can be set to alert the user when an LSO is placed on the machine; but the possibility exists that the LSO could gather information and phone it home before the Internet connection could be severed and the LSO deleted.

    Flashblock might block flash apps from loading or running, but a flash video or ad does not have to be loaded for LSOs or Flash cookies are placed on the user’s machine. Even with Flashblock running and all flash apps (ads, videos, etc.), Flash cookies and LSOs are still placed on the user’s machine.

    Regarding the directories where Flash Cookies and LSOs are stored, there are seven locations that I have found so far where they are stored. Those locations are:

    Not checked by BetterPrivacy or Objection:
    C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\\support\flashplayer\sys\filename.sol
    C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\[alpha-numeric folder name]\filename.sol

    C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\\support\flashplayer\sys\filename.sol
    C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\[alpha-numeric folder name]\filename.sol

    C:\Documents and Settings\Owner.[Your_Owner_Name]\Application Data\Macromedia\Flash Player\\support\flashplayer\sys\filename.sol
    C:\Documents and Settings\Owner.[Your_Owner_Name]\Application Data\Macromedia\Flash Player\#SharedObjects\[alpha-numeric folder name]\filename.sol


    No matter which Flash cookie/LSO detector add-on is used, only one directory is checked by default:
    C:\Documents and Settings\Owner.[Your_Owner_Name]\Application Data\Macromedia\Flash Player\#SharedObjects\filename.sol

    Other directories can be checked, but they have to be entered manually or copied and pasted from a text file that lists the directories likely to be affected.

    So, until there is a program that will absolutely block Flash Cookies and LSOs from being downloaded, the detection apps amount to too little too late.

    I did an experiment using BetterPrivacy and Flashblock. I didn’t care for Objection, because it cannot be configured at all except to change the directory that is checked and to record Flash cookies or LSOs that are downloaded to the chosen directory. BetterPrivacy can be configured to warn the user when an LSO or a Flash cookie is downloaded–and it will delete them. However, the “Delete Flash cookies upon application start” feature does not work. I had it ticked, but when the flash cookies were placed on my machine and the video player (application) started, the cookies/LSOs were not deleted. They remained on my machine until I removed them.

    Don’t let anyone tell you that the cookies are necessary in order for a Flash application to run or run correctly. That is not true. After choosing a video and receiving the warning from BetterPrivacy that the cookies/LSOs had been downloaded, I deleted them while the video was playing and had no interruption whatsoever in the video. It still downloaded to the cache, and it still played as it downloaded with no difference in speed or quality compared to playing the video with the cookies/LSOs on my machine. I tried deleting the LSOs before playing the video, and still the video played correctly. So, the LSOs and Flash cookies have nothing whatsoever to do with playing or the quality of Flash videos (flv files).

    It should be noted, too, that I did the experiment with Flashblock running and then repeated the experiment with Flashblock disabled. In both scenarios, the LSOs and Flash cookies were downloaded onto my hard drive. Flashblock does not block the cookies and LSOs. All it does is stop the flash video or audio from running or downloading to the cache.

    Someone needs to develop an add-on that will altogether stop the Flash cookies and LSOs from downloading. Until then, the Flash cookies and LSOs will have to be found and deleted manually.

  7. nix said on October 20, 2009 at 12:05 am

    Yeah, disabling flash cookies in Linux is broken….. I have have to manually delete them… this is for flash 10.

  8. me said on October 15, 2009 at 3:24 pm

    I am able to locate .SOL files, but not .LSO so which one is it?

  9. wap-tek said on August 19, 2009 at 10:14 am

    put a file in each directory named after the sub directory
    flash will fail to store the cookies
    or,,,,,,,,, use
    = = = flushflash.bat = = =
    cd “C:\WINDOWS\Application Data\Macromedia\Flash Player”
    deltree /Y *.*
    cd “C:\WINDOWS\Application Data\Adobe\Flash Player\AssetCache”
    deltree /Y *.*

  10. David said on August 14, 2009 at 12:57 pm

    You can also add the Macromedia folder…

    C:\Documents and Settings\USERNAME\Application Data\Macromedia\Flash Player

    …to CCleaner’s include folder, so it gets automatically cleaned every time you run the program.

  11. XS3 said on March 23, 2009 at 8:15 pm

    The easiest and most effective way (I’m a lazy person) is to remove the write authority on the

    C:\Documents and Settings\USERNAME\Application Data\Macromedia\Flash Player

    Directory. All of your online bank sites still work.. because note all people have flash installed, and not all browser types support flash.

  12. Krovas said on November 11, 2008 at 10:06 am

    In Linux, it looks like they also may be stored in ~/.adobe

  13. Joe said on August 28, 2008 at 12:55 pm

    Note: in Linux, LSOs are stored in ~/.macromedia/Flash_Player/#SharedObjects not just ~/.macromedia

  14. Cookie Crusher said on August 27, 2008 at 8:50 pm

    Objection is a plugin which is headed in the right direction; but, as one of the previous posters indicated, has no automation available through the extension.

    Another solution (which I personally implement and recommend) is to set up a periodic nulling run (every few minutes or so) of a great freeware backup program called “Replicator”:


    The desired functionality is realized through a job setup which is configured to copy content from any arbitrary directory of your system (“C:\” for example) WITHOUT TRANSFERRING ANY FILES OR SUBFOLDERS (in other words, nothing at all) directly to your “C:\Documents and Settings\USERNAME\Application Data\Macromedia\Flash Player\” folder.

    The resulting mirror will be void: Complete automated deletion of all LSO cookies; with the bonus of having a fantastic freeware backup program in your system tray.


  15. anon said on August 2, 2008 at 11:47 am

    1. Even after you go (repeatedly) to the adobe/macromedia website and think
    you have set FlashPlayer to stop hiding these nasty secret cookies, they
    still appear on your hard drive.

    2. You can do a Search for them on your machine by searching for *.sol and
    you will find a lot of them.

    3. You can VIEW the content of some of the cookies (some are encrypted)
    with your Notepad or similar program.

    4. MAXA COOKIE MANAGER (Germany) will find these secret cookies (and will
    let you see their content), but if you want to delete them, you need to buy
    the Paid Version of MAXA.

    5. These cookies are NOT HARMLESS! They contain highly specific, personal
    info about your computer and your viewing habits. Some of them even include
    your computer’s name and directory paths. This is way too invasive and
    should not be allowed–especially when done secretly behind our backs like
    this, by Adobe/Macromedia.

    6. If you feel these secret Adobe/Macromedia spy cookies are a violation of
    your privacy and personal boundaries, COMPLAIN LOUDLY to Adobe & DEMAND that
    they provide a PATCH that allows end-users to set the parameters (ON OUR OWN
    HARD DRIVES without interference from Adobe!) for whether these cookies
    appear on our machines…

    We need a way to PERMANENTLY OPT OUT of these invasive Flash Cookies.


  16. Dante said on July 30, 2008 at 2:46 pm

    I know it’s still in development, but it would be nice if they have a feature that deletes all flash cookies upon exit from the browser.

    As usual, thanks for the tip. Keep them coming.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.