To restrict the domain of our cookies, we can use some Web.config settings.
<configuration>
  <system.web>
    <!-- Restrict the domain of cookies issued by the application -->
    <httpCookies domain="app1.*.com" />
  </system.web>
</configuration>
To restrict the path, we’ll need to add some server-side code. How we handle this is largely dependent on the structure of our application, but the example function below allows us to specify the path from a value in our Web.config when we set a cookie.
private void SetCookie(string Key, string Value)
{
    Response.Cookies[Key].Value = Value;
    // Take the cookie path from the appSettings entry in Web.config
    Response.Cookies[Key].Path =
        ConfigurationManager.AppSettings["UserDefinedCookiePathFilter"];
}
If we use this method to create all of our user-defined cookies, it will then allow us to restrict the path from our web.config like so:
<configuration>
  <appSettings>
    <!-- Key must match the name read in SetCookie -->
    <add key="UserDefinedCookiePathFilter"
         value="/VirtualDirectoryToFilter"/>
  </appSettings>
</configuration>
Check this for more details:
https://headmelted.com/securing-asp-net-cookies-a1e1b1648ed
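What the Path and Domain restrictions above mean on the browser side, as an added example that is not part of the original post: the RFC 6265 matching rules applied to a few constructed requests. `CookieScope`, the `example.com` host names and the request paths are assumptions made up for illustration; only `/VirtualDirectoryToFilter` comes from the post.

```csharp
using System;

// Added example: RFC 6265 path-match and domain-match, the rules a browser
// applies to decide whether a stored cookie is sent with a request.
static class CookieScope
{
    // RFC 6265 section 5.1.4: the cookie path must equal the request path or be
    // a prefix of it that ends at a "/" boundary. Comparison is case-sensitive.
    public static bool PathMatches(string requestPath, string cookiePath)
    {
        if (requestPath == cookiePath) return true;
        if (!requestPath.StartsWith(cookiePath, StringComparison.Ordinal)) return false;
        return cookiePath.EndsWith("/", StringComparison.Ordinal)
            || requestPath[cookiePath.Length] == '/';
    }

    // RFC 6265 section 5.1.3: the host must equal the cookie domain or be a
    // subdomain of it. Host names compare case-insensitively.
    public static bool DomainMatches(string host, string cookieDomain)
    {
        string domain = cookieDomain.TrimStart('.');
        return host.Equals(domain, StringComparison.OrdinalIgnoreCase)
            || host.EndsWith("." + domain, StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        const string cookiePath = "/VirtualDirectoryToFilter"; // value from the post
        const string cookieDomain = "app1.example.com";        // constructed sample

        // Constructed sample requests: (host, path).
        var requests = new[]
        {
            ("app1.example.com", "/VirtualDirectoryToFilter/Default.aspx"),
            ("app1.example.com", "/VirtualDirectoryToFilterOld/Default.aspx"),
            ("app1.example.com", "/virtualdirectorytofilter/Default.aspx"),
            ("app1.example.com", "/OtherApp/Default.aspx"),
            ("app2.example.com", "/VirtualDirectoryToFilter/Default.aspx"),
        };

        foreach (var (host, path) in requests)
        {
            bool sent = DomainMatches(host, cookieDomain) && PathMatches(path, cookiePath);
            Console.WriteLine($"{host}{path} -> {(sent ? "cookie sent" : "cookie withheld")}");
        }
    }
}
```

The third request is the one to watch on IIS: the server treats URL paths case-insensitively, but the browser's path match is case-sensitive, so the configured path has to use the same casing as the links the application emits.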