From the Ajax Security book:

Data sharing with userData is extremely limited. You cannot share data between different domains or even sub domains of the root domain. You cannot share data with other web servers or services running on different ports of the same domain. You can only share data between web pages inside the same directory on the same For example, data stored by http:// company.com/Storage/UserData.html can be accessed by http:// company.com/Storage/Checkout.html or any other page inside the /Storage/ directory. Attempting to access data from other pages simply returns null. These are the default restrictions and they cannot be changed. This default closed policy is almost the exact opposite of the default cookie policy. This constitutes the lone good security decision in Internet Explorer 5.0.