A phone application state management mechanism is described. The mechanism adopts the state storage format widely known as "Cookies" to store information in a cross-application standard format. Cookies for multiple users are stored on a single machine that retrieves phone applications using a hypertext transfer protocol (HTTP). Suitable state information for a particular user is automatically retrieved in connection with HTTP requests. Further, by phone based applications can set the values of suitable cookies. An enforced access policy can be used to prevent an application provided by a first legal entity from accessing state information stored by an application provided by another legal entity. The approach can also be used to reduce the passing of telephone identifying information between applications for user identification purposes.