Isn't that just the feature working as intended? Of course it is possible to introduce a bug by setting or not setting a cookie somewhere where it should/shouldn't be set.

I've never found a use for path-based cookies personally, but I'm not sure this is a particularly compelling example.

▲

speleding 7 months ago | parent [-]

The typical example of a path-based cookie is the "remember my login name" feature, where you want the cookie with the user name only available on the login page. (And you cannot use session storage because you want it to work whilst logged out.)

▲

Xelynega 7 months ago | parent [-]

You don't need to store multiple login names for seperate pages though, so why can't this just be a site wide cookie?

	▲	speleding 7 months ago \| parent [-]
		That would include the cookie with each request, which is inefficient. And potentially it also can get sent with requests to other subdomains, which may not be desirable from a security point of view (it could be cdn.example.com, owned by someone else)