Cookies are available to the domain they are set for. Typically with Cookies you want to make sure to set them as secure, and ideally HTTPS only access. Google ‘Secure HTTP cookies’, and do a little research on how to protect yourself and your users.