HTTP is a stateless protocol. Stateless means there is no relationship between consecutive requests and responses. So, how is state maintained while using HTTP? Cookies to the rescue.

Say, you have requested a page from Then, all cookies stored in your browser under will be sent along with the request. Now, say the page you requested from uses a script from i.e the mark up of the page you requested from has the following in it:

<script src=””/&gt;

Now, when the browser sends a request to for the script moo.js, will cookies stored under be sent along with the request? The answer is no. A site gets cookies only which are stored under it’s domain. It is not dependent on the referer. When responds with the file moo.js, if it sends cookies along with the response, under which domain will these cookies be set? This depends on your browser security setting i.e whether you have enabled third party cookies in your browser or not. If your browser allows third party cookies, the cookie will be set under the domain and not .

Say the script moo.js served by contains code to set cookies. Will these cookies be set under or These cookies will be set under When your are in domain there is no way to set cookies under another domain say This is a violation of browser security model.

Read more about cookies here.