This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Shared Objects

Revision as of 21:50, 26 August 2008 by Rahimjina (talk | contribs) (Review)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

OWASP Code Review Guide Table of Contents

Shared Objects are designed to store up to 100kb of data relating to a users session. They are dependent on host and domain name and SWF movie name.

They are stored in binary format and are not cross-domain by default. Shared objects are not automatically transmitted to the server unless requested by the application.

It is worth noting that they are also stored outside the web browser cache:

C:\Documents and Settings\<USER>\Application Data\Macromedia\Flash Player\#Shared Objects\<randomstring>\<domain>

In the case of cleaning the browser cache Flash sharedobjects survive such an action.

Shared objects are handled by the Flash application and not the clients' web browser.