MSAL Auth: Cookie Path
The cookiePath property controls the Path attribute applied to all Set-Cookie headers generated by the handler.
Configuration Options
cookiePath: /
Usage
The Path attribute dictates the URL paths for which the cookie is valid. The browser will only send the cookie if the path of the request URL matches this path or lies beneath it.
In most Single Page Application (SPA) configurations, this should be set to /. Setting it to / ensures that the accessToken and csrf cookies are sent on every API request directed at the gateway, regardless of the API’s specific path (e.g., /api/v1/users, /v2/data).
If you run multiple distinct applications behind the same domain and want to isolate their cookies by route, you can specify a narrower path (e.g., /my-app/).
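The path matching described above, as an added example (not code from the MSAL Auth handler): a JavaScript implementation of the RFC 6265 section 5.1.4 path-match rule, run over constructed request URLs. The gateway.example host and the sample URLs are assumptions; the example shows that a cookie scoped to /my-app/ is not sent to /my-app (no trailing slash) or to /my-application/.

```javascript
// RFC 6265 section 5.1.4 path-match: does a cookie's Path cover a request path?
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;           // identical paths
  if (!requestPath.startsWith(cookiePath)) return false; // not a prefix at all
  if (cookiePath.endsWith("/")) return true;             // prefix ending in "/"
  // Prefix without trailing "/": the next request-path character must be "/"
  return requestPath.charAt(cookiePath.length) === "/";
}

// Extract only the path of a URL; query string and fragment play no part.
function requestPathOf(url) {
  return new URL(url).pathname;
}

// Return the paths of the sample requests that would carry the cookie.
function cookieSentFor(cookiePath, urls) {
  return urls.map(requestPathOf).filter((p) => pathMatch(p, cookiePath));
}

// Constructed sample requests (host is a placeholder).
const sampleUrls = [
  "https://gateway.example/api/v1/users",
  "https://gateway.example/v2/data?page=2",
  "https://gateway.example/my-app/",
  "https://gateway.example/my-app/dashboard",
  "https://gateway.example/my-app",              // no trailing slash
  "https://gateway.example/my-application/api",  // shares a string prefix only
];

for (const cookiePath of ["/", "/my-app/", "/my-app"]) {
  console.log(`cookiePath: ${cookiePath}`);
  for (const p of cookieSentFor(cookiePath, sampleUrls)) {
    console.log(`  cookie sent to ${p}`);
  }
}
```

With cookiePath set to /my-app/, make sure the application's API routes and any redirect targets that need the accessToken and csrf cookies all live under that prefix, including the trailing slash.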