all session data (flash is just a "modified session var") is stored on the server. The only thing stored client side (unless you specificly set it) is the session id and a session key to validate the user.
all session data (flash is just a "modified session var") is stored on the server. The only thing stored client side (unless you specificly set it) is the session id and a session key to validate the user.