wballard / starphleet


Set Path=/ when setting USER_IDENTITY_COOKIE cookie #284

Closed squince closed 8 years ago

squince commented 8 years ago

When no Path component is set using Set-Cookie, at least some browsers will set the user cookie on every path requested from the host. This results in the cookie repeatedly being set on the same domain. This probably does no other harm than cause mild confusion on the part of developers, but also has no obvious benefit.

If we're going to bother setting a user cookie, we should just set it on the root path of the domain.
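The behaviour described above follows from RFC 6265 §5.1.4: when Set-Cookie carries no Path attribute, the browser computes a "default-path" from the request URI (everything up to, but not including, the last "/"), so a cookie set while serving /api/users is scoped to /api and is not sent with a request to /shop/cart. The server then sets it again, and the jar fills up with same-name cookies on different paths. The following is an added example, not starphleet's own code: it implements the RFC's default-path and path-match rules in a minimal cookie jar and simulates a server that sets USER_IDENTITY_COOKIE whenever a request arrives without one. The cookie value, the request paths and the "set if missing" server behaviour are constructed for the illustration.

```javascript
// Added example (not part of starphleet): RFC 6265 default-path and path-match
// rules, used to show why omitting Path= causes the identity cookie to be set
// repeatedly on one host.

// RFC 6265 s5.1.4, "default-path" of a request URI path.
function defaultPath(uriPath) {
  if (!uriPath || uriPath[0] !== '/') return '/';
  const idx = uriPath.lastIndexOf('/');
  if (idx === 0) return '/';          // only one "/", e.g. "/users"
  return uriPath.slice(0, idx);       // "/api/users" -> "/api"
}

// RFC 6265 s5.1.4, does request-path "path-match" cookie-path?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (requestPath.startsWith(cookiePath)) {
    if (cookiePath.endsWith('/')) return true;             // "/api/" matches "/api/x"
    if (requestPath[cookiePath.length] === '/') return true; // "/api" matches "/api/x", not "/apix"
  }
  return false;
}

// Minimal single-host cookie jar. Browsers key stored cookies by (name, domain,
// path); domain is fixed here, so the key is (name, path).
class CookieJar {
  constructor() { this.cookies = new Map(); }

  // Store a Set-Cookie header received in the response to a request for requestPath.
  store(requestPath, setCookie) {
    const [nameValue, ...attrs] = setCookie.split(';').map(s => s.trim());
    const eq = nameValue.indexOf('=');
    const name = nameValue.slice(0, eq);
    const value = nameValue.slice(eq + 1);
    let path = null;
    for (const attr of attrs) {
      const [k, v] = attr.split('=');
      // RFC 6265 s5.2.4: a Path value that is empty or not starting with "/" is ignored.
      if (k.toLowerCase() === 'path' && v && v[0] === '/') path = v;
    }
    if (path === null) path = defaultPath(requestPath);
    this.cookies.set(`${name};${path}`, { name, value, path });
  }

  // Cookies the browser would attach to a request for requestPath.
  cookiesFor(requestPath) {
    return [...this.cookies.values()].filter(c => pathMatches(requestPath, c.path));
  }
}

// Constructed server behaviour: set USER_IDENTITY_COOKIE on any response whose
// request did not carry it. explicitPath is the Path attribute to emit, or null
// to omit the attribute as the issue describes.
function simulate(requestPaths, explicitPath) {
  const jar = new CookieJar();
  let setCount = 0;
  for (const p of requestPaths) {
    const present = jar.cookiesFor(p).some(c => c.name === 'USER_IDENTITY_COOKIE');
    if (!present) {
      setCount++;
      const header = 'USER_IDENTITY_COOKIE=alice' + (explicitPath ? `; Path=${explicitPath}` : '');
      jar.store(p, header);
    }
  }
  return { setCount, storedPaths: [...jar.cookies.values()].map(c => c.path) };
}

// Constructed request sequence against one host.
const requests = ['/api/users', '/api/users', '/shop/cart', '/'];
console.log('no Path attribute:', simulate(requests, null));   // 3 cookies, paths /api, /shop, /
console.log('Path=/:           ', simulate(requests, '/'));    // 1 cookie, path /
```

Without the attribute the jar ends up holding three USER_IDENTITY_COOKIE entries (paths /api, /shop and /), and the cookie is set three times; with Path=/ it is set once and matches every request. Note that Path scopes which requests carry the cookie, but it is not a security boundary: RFC 6265 §8.6 points out that a page on one path of an origin can read cookies scoped to another path of the same origin, so any per-service isolation has to come from the services themselves rather than from cookie paths.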

wballard commented 8 years ago

You can log into different services with different identities, though it isn't clear this is useful, if we were to set the path to match the service URL.

On Mar 11, 2016, at 8:49 PM, Steve Quince notifications@github.com wrote: (quoting the opening comment above)

squince commented 8 years ago

Yep, that's my intent... I'll not submit the pull request until it works this way. Each container should continue to have its own security mechanism.