Why does that happen Gedan? Is it an inherent property of Flash? Python games like Princess Trainer always save to their own folder in AppData, with the corresponding version number.
Flash tries to keep everything at arms length. Any SWF you load will, at the very least, save any data using flash cookies (sol files) in a subfolder based on the domain that the SWF was loaded from. There's no way around this- we can go deeper and make folder structures inside that, but creating a shared object with a path of "/" (root) will actually create it on the filesystem under a path like "SharedObjects/<Random Ident>/example.com/".
If you play on the website, the SWF file is being loaded directly from a remote source, so it'll use that ("<RandomIdent>/fenoxo.com/TiTS_1.sol" etc) but if you download the SWF and then drag it into a browser window from your local disk, it'll be seen as having been loaded from localhost.
This is p. much all security. Flash itself has like 3 core modes of operation and then a special one; Remote, Local w/ Network, Local w/ Filesystem and Trusted.
Local w/ Network will enable various
upstream network capabilities. That is, if you want to send data to a server in any more complex for a format than simple URI get paramaters, you
must be running the SWF in the networked sandbox. I
think the limiation is mostly in place around shared object usage*. The Remote sandbox is
nearly identical.
Local w/ Filesystem will enable some direct filesystem reading/writing functionality. It's
incredibly limited from the point of view of the code in the SWF, but it does enable you to save and load files to a degree. The AIR apis give you much better filesystem access (like the ability to enumerate directory contents, yeah, the raw SWF apis are that limited...), but then you won't be able to run the thing directly in a browser.
Those modes are mutually exclusive; one infers the absence of the other.
Trusted, though, enables both at the same time, but it basically has to be done manually by the user. I think there's some text file somewhere that you can specify paths to SWFs/certain folders that will be checked by Flash whenever you load an SWF, and any SWF that is specified by that file will load up in Trusted mode, but an SWF file itself couldn't modify that- it would defeat the point of the sandboxes.
Sol files are basically the only sure fire way to store data on the client (unless the user has expressly forbidden the domain of the loaded SWF from saving shared objects...), but doing so is, again, incredibly limited. Because shared objects are enabled whilst in networked mode, Flash tries to ensure that any given SWF will
only ever have access to data it has created and may be relevant to it, ie, only allow it to access the folder of the domain it was loaded from (for sharing data indirectly between multiple SWFs on the same site). It's, again, impossible to enumerate the names of these afaik, so you have to know precisely what you're looking for ahead of time.
*As a sidenote: Shared Objects are a lot more potentially complicated than just raw data storage like a cookie (as a lot of people call them; Flash Cookies). They can also be used to maintain a network data stream with prescribed interface available on an object instance at both the client and server end. They actually do a pretty good job of data compression and data deduplication for that too. iirc RTMP uses shared objects to actually transfer the video stream from server to client which is why you basically have to use flash to view an RTMP stream (short of p. complicated native desktop apps); replicating the shared object networking system in a language without a native implementation of it would be too slow to be worth while.