Questions tagged [cookie-path]

For questions regarding programming in ECMAScript (JavaScript/JS) and its various dialects/implementations (excluding ActionScript). Note JavaScript is NOT the same as Java! Please include all relevant tags on your question; e.g., [node.js], [jquery], [json], [reactjs], [angular], [ember.js], [vue.js], [typescript], [svelte], etc.

0 votes
0 answers
62 views

asp.net - How to scope asp.net cookie to default page only

I am trying to set the scope of a cookie for only the default web page on my web application using the HttpCookie.Domain and HttpCookie.Path. The page is named "default.aspx". Problem is, it is set as the default web page so the user goes to "mywebsite.com" in which the path is "/". So the browser does not see the name of the page and therefore doesn't find the cookie if Path is set to "/default.aspx" subsequently.

Is there a trick to get around that or am I stuck with just using a cookie that will be sent back and forth for all pages in the site?

0 votes
0 answers
85 views

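java - Cookie security issue: overly broad path

I have two applications with a common domain name, for example www.kishore.com/travelSite and www.kishore.com/researchSite
So, in travelSite, I am creating a cookie as shown below

The reason I set Path to / in travelSite here is that I want to use this cookie in researchSite. But the problem is that when I sent this code for scanning, it said that using the context path (i.e. /) is vulnerable.
Setting this to /travelSite eliminates the vulnerability error in the scan, but then it cannot be used for researchSite

I would like to know whether there is a workaround. Can I set the domain name, i.e. kishore.com, in the cookie path? If so, how?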

0 votes
1 answer
38 views

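cookies - How to set the path of the authentication cookie

In an ASP.NET Core 6 MVC multi-tenant application, tenants have different path bases, such as /tenant1 and /tenant2.

HttpContext PathBase is set by middleware from the request URL.

The SignInAsync method always sets the authentication cookie path to the root path /

I am trying to set the authentication cookie path to PathBase using this code snippet:

The code shown below raises a compile-time error because AuthenticationProperties does not have a Path property. How can I set the cookie Path property so that different users can authenticate with different base paths?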

0 votes
0 answers
22 views

asp.net - How can we set path attribute for cookies in web.config file for .net web application

I need to set cookies path to my application directory so that cookies should not be shared across other domain/sub domain.

How can I set the cookies path in the web.config file?

At present I have the below configuration -

Now how can I add a path so that cookies are not shared with other applications? I can see -

Path=/ - is presently defaulted to root level, which I need to explicitly define at application level, and that too in the web.config file

My site URL would be like - Www.WebApp.Company.com/VirtualDirectory/Page.aspx

Now I want to restrict cookies to be accessible only within VirtualDirectory and not by other applications added on the web server.

Any web security expert please suggest solution.