Click here to Skip to main content
15,665,942 members
Please Sign up or sign in to vote.
4.00/5 (1 vote)
I am having security issue of the cookie path mapped to root folder or so. I want to set the cookie path attribute to application defined folder in the Configration file.

What I have tried:

<httpCookies requireSSL="true" httpOnlyCookies="true" domain="" />
Updated 23-Dec-19 18:50pm

1 solution

To restrict the domain of our cookies, we can use some Web.config settings.
    <!-- Prevent access to cookies from other sub-domains -->
    <httpCookies domain="app1.*.com" />

To restrict the path, we’ll need to add some server-side code. How we handle this is largely dependent on the structure of our application, but the example function below allows us to specify the path from a value in our Web.config when we set a cookie.
private void SetCookie(string Key, string Value) 
    Response.Cookies[Key].Value = Value;
    Response.Cookies[Key].Path = _

If we use this method to create all of our user-defined cookies, it will then allow us to restrict the path from our web.config like so:
    <add key="UserDefiniedCookiePathFilter"

check this for more details[^]
Share this answer
ranio 26-Dec-19 5:11am    
I tried some options. But what is happening is that i am getting multiple cookie paths.
I just want the second one and remove the default / path
One mapped to root path as /
Another mapped to the virtual directory /test

My code:
Web.Config file
<add key="UserDefiniedCookiePathFilter" value="/DDS_AHB">

Global.asax page
Under Application_PreSendRequestHeaders Event

string CookiePath= ConfigurationManager.AppSettings["UserDefiniedCookiePathFilter"];
Response.AppendHeader("Set-Cookie", "path="+CookiePath);

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900