I need to set the cookie path to my application directory so that cookies are not shared across other domains/subdomains.

How can I set the cookie path in the web.config file?

At present I have the below configuration:

<httpCookies httpOnlyCookies="true" requireSSL="true" />

Now how can I add a path so that cookies are not shared with other applications? I can see:

Set-Cookie: ASP.NET_SessionID= XXXX; path=/; secure; HttpOnly; SameSite=Lax

Path=/ is presently defaulted to the root level, which I need to explicitly define at the application level, and that too in the web.config file.

My site URL would be like: Www.WebApp.Company.com/VirtualDirectory/Page.aspx

Now I want to restrict cookies to be accessible only within VirtualDirectory and not by other applications added on the web server.

Could any web security expert please suggest a solution?
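
An added example (not part of the original question, and not ASP.NET code): a Python check that applies the RFC 6265 path-match rule to the Set-Cookie header quoted above, showing which request paths a browser would send the cookie to with path=/ versus a path scoped to /VirtualDirectory. The scoped header and the sibling paths /OtherApp and /VirtualDirectory2 are constructed for illustration.

```python
# Added example: RFC 6265 (section 5.1.4) path-match applied to the question's cookie.
# OBSERVED is the header quoted in the question; SCOPED and the sibling request
# paths (/OtherApp, /VirtualDirectory2) are constructed for illustration.
OBSERVED = "Set-Cookie: ASP.NET_SessionID= XXXX; path=/; secure; HttpOnly; SameSite=Lax"
SCOPED = "Set-Cookie: ASP.NET_SessionID= XXXX; path=/VirtualDirectory; secure; HttpOnly; SameSite=Lax"
REQUESTS = [
    "/VirtualDirectory/Page.aspx",   # the application from the question
    "/OtherApp/Page.aspx",           # hypothetical sibling application
    "/VirtualDirectory2/Page.aspx",  # sibling whose name shares a prefix
    "/virtualdirectory/Page.aspx",   # same app, different URL casing
]

def parse_set_cookie(header):
    """Return (name, value, attrs) with attribute names lower-cased."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def path_matches(cookie_path, request_path):
    """Case-sensitive path-match as browsers apply it."""
    if cookie_path == request_path:
        return True
    if request_path.startswith(cookie_path):
        # Prefix only counts at a "/" boundary, so /VirtualDirectory2 is excluded.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def sent_to(header, request_paths, default_path="/"):
    """Request paths that would carry the cookie set by `header`.

    default_path stands in for the browser's default-path, used when the
    Path attribute is missing or does not start with "/".
    """
    path = parse_set_cookie(header)[2].get("path", "")
    if not path.startswith("/"):
        path = default_path
    return [p for p in request_paths if path_matches(path, p)]

if __name__ == "__main__":
    for label, header in (("observed", OBSERVED), ("scoped", SCOPED)):
        print(label, "->", sent_to(header, REQUESTS))
```

Because the match is case-sensitive while IIS serves URLs case-insensitively, a scoped path also stops the cookie from being sent when the application is requested with different casing.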
