HTTP is a stateless protocol: the server keeps no relationship between consecutive requests and responses. So how is state maintained while using HTTP? Cookies to the rescue.

Say you have requested a page from foo.com. All cookies stored in your browser under foo.com are sent along with that request. Now say the page you requested from foo.com uses a script from bar.com, i.e. the markup of the page you requested from foo.com contains the following:

<script src="http://www.bar.com/js/moo.js"></script>

Now, when the browser sends a request to bar.com for the script moo.js, will the cookies stored under foo.com be sent along with that request? The answer is no. A site receives only the cookies stored under its own domain; the Referer plays no part. When bar.com responds with the file moo.js and the response sets cookies, under which domain will those cookies be stored? That depends on your browser's security settings, i.e. whether you have enabled third-party cookies in your browser or not. If your browser allows third-party cookies, the cookie is stored under the domain bar.com, not foo.com.

Say the script moo.js served by bar.com contains code to set cookies. Will these cookies be set under bar.com or foo.com? They will be set under foo.com. While you are in the domain foo.com there is no way to set cookies under another domain, say bar.com; that would be a violation of the browser security model.
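To make the three rules above concrete (cookies are chosen by the requested host, a response's Set-Cookie lands under the responding host, and a script's document.cookie lands under the embedding page), here is an added example that is not code from the original post: a miniature model of a browser cookie jar. The hosts foo.com and www.bar.com, the cookie names and the third-party switch are assumed for illustration; real browsers also apply Path, Secure, SameSite and public-suffix rules that are left out here.

```javascript
// Added example (not from the original post): a simplified browser cookie jar
// that reproduces the domain-scoping rules described in the post.
// Hosts, cookie names and the third-party toggle are constructed for the demo.

// Parse "name=value; Domain=example.com" into its parts (only Domain is kept).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), domain: null };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    if (k.toLowerCase() === "domain") cookie.domain = v.replace(/^\./, "").toLowerCase();
  }
  return cookie;
}

// RFC 6265 domain matching: a host matches a cookie domain when it is that
// domain or a subdomain of it.
function domainMatches(host, cookieDomain) {
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

class CookieJar {
  constructor({ allowThirdParty = true } = {}) {
    this.allowThirdParty = allowThirdParty;
    this.store = new Map(); // cookie domain -> Map(name -> value)
  }

  put(domain, name, value) {
    if (!this.store.has(domain)) this.store.set(domain, new Map());
    this.store.get(domain).set(name, value);
  }

  // Cookies attached to a request depend only on the host being requested;
  // the page that triggered the request (the Referer) plays no part.
  cookiesForRequest(requestHost) {
    const out = {};
    for (const [domain, cookies] of this.store) {
      if (domainMatches(requestHost, domain)) Object.assign(out, Object.fromEntries(cookies));
    }
    return out;
  }

  // Set-Cookie from a response: scoped to the responding host (or a Domain it
  // may legitimately claim), never to the page that embedded the resource.
  // Simplification: any responding host other than the page host is "third party".
  setCookieFromResponse(responseHost, pageHost, header) {
    if (responseHost !== pageHost && !this.allowThirdParty) return false; // blocked by browser setting
    return this.storeFor(responseHost, header);
  }

  // document.cookie written by script: the script runs in the embedding
  // document's origin regardless of which host served the file.
  setCookieFromScript(pageHost, header) {
    return this.storeFor(pageHost, header);
  }

  storeFor(host, header) {
    const c = parseSetCookie(header);
    const target = c.domain || host;
    if (!domainMatches(host, target)) return false; // cannot set a cookie for a foreign domain
    this.put(target, c.name, c.value);
    return true;
  }
}

// Walk through the post's scenario and report what each step observed.
function walkthrough(allowThirdParty) {
  const jar = new CookieJar({ allowThirdParty });
  jar.setCookieFromResponse("foo.com", "foo.com", "session=abc123"); // foo.com sets its own cookie
  const sentToBar = jar.cookiesForRequest("www.bar.com"); // fetching moo.js: no foo.com cookies go along
  const barSet = jar.setCookieFromResponse("www.bar.com", "foo.com", "track=xyz"); // third-party cookie
  const foreign = jar.setCookieFromResponse("www.bar.com", "foo.com", "evil=1; Domain=foo.com"); // rejected
  jar.setCookieFromScript("foo.com", "fromMoo=1"); // moo.js executes inside the foo.com document
  return {
    sentToBar,
    barSet,
    foreign,
    fooCookies: jar.cookiesForRequest("foo.com"),
    barCookies: jar.cookiesForRequest("www.bar.com"),
  };
}

console.log(walkthrough(true));
console.log(walkthrough(false));
```

Run it with third-party cookies allowed and then blocked: in both runs the request for moo.js carries no foo.com cookie, the attempt by bar.com to claim Domain=foo.com is refused, and the cookie written by moo.js shows up under foo.com; only the bar.com tracking cookie changes, being stored in the first run and dropped in the second.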

Read more about cookies here.
