ACTIONSCRIPT 3 Developer’s Guide en

Chapter 39: Storing local data
Flash Player 9 and later, Adobe AIR 1.0 and later
You use the SharedObject class to store small amounts of data on the client computer. In Adobe AIR, you can also use
the EncryptedLocalStore class to store small amounts of privacy-sensitive user data on the local computer in an AIR
application.
You can also read and write files on the file system and (in Adobe AIR) access local database files. For more
information, see “Working with the file system” on page 652 and “Working with local SQL databases in AIR” on
page 713.
There are a number of security factors that relate to shared objects. For more information, see “Shared objects” on
page 1063 in “Security” on page 1031.
Shared objects
Flash Player 9 and later, Adobe AIR 1.0 and later
A shared object, sometimes referred to as a “Flash cookie,” is a data file that can be created on your computer by the
sites that you visit. Shared objects are most often used to enhance your web-browsing experience—for example, by
allowing you to personalize the look and feel of a website that you frequently visit.
About shared objects
Flash Player 9 and later, Adobe AIR 1.0 and later
Shared objects function like browser cookies. You use the SharedObject class to store data on the user’s local hard disk
and call that data during the same session or in a later session. Applications can access only their own SharedObject
data, and only if they are running on the same domain. The data is not sent to the server and is not accessible by other
applications running on other domains, but can be made accessible by applications from the same domain.
Shared objects compared with cookies
Flash Player 9 and later, Adobe AIR 1.0 and later
Cookies and shared objects are very similar. Because most web programmers are familiar with how cookies work, it
might be useful to compare cookies and local SharedObjects.
Cookies that adhere to the RFC 2109 standard generally have the following properties:
They can expire, and often do at the end of a session by default.
They can be disabled by the client on a site-specific basis.
There is a limit of 300 cookies total, and 20 cookies maximum per site.
They are usually limited to a size of 4 KB each.
They are sometimes perceived to be a security threat, and as a result, they are sometimes disabled on the client.
They are stored in a location specified by the client browser.
Last updated 6/6/2012
700