Path attribute of cookie
The Path attribute of a cookie restricts the URL paths (directories) for which the browser sends the cookie. However, there are ways to get around this restriction, so it should not be expected to work as a security mechanism.
Domain attribute of cookie
The domain name specified by the Domain attribute of a cookie is matched as a suffix. For example, when example.com is specified, the cookie is sent not only to example.com but also to www.example.com and www2.example.com. It is therefore safer not to specify the Domain attribute, except when the cookie has to be sent to multiple specific domain names.
Expires attribute of cookie
The Expires attribute of a cookie specifies the period of validity during which the browser may send the cookie. When the Expires attribute is omitted, the cookie is valid only while the browser session is maintained, which usually means until the browser application is closed. In addition, once a cookie has been sent from the server to the client, the server has no way to delete it explicitly. However, the cookie held by the client can effectively be deleted by overwriting it with a cookie that has already expired.
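
The matching rules for the three attributes above, as an added example that is not part of the original page: a simplified JavaScript model of a browser cookie jar, loosely following RFC 6265. The function names are hypothetical, the default Path is assumed to be "/", and the public suffix check, Max-Age, Secure and HttpOnly are left out.

```javascript
// Simplified model of how a browser stores cookies and decides where to send them
// (after RFC 6265). Hosts, names and values used with it are constructed samples.

// Domain attribute present: suffix match on a label boundary. Omitted: exact host only.
function domainMatches(cookie, host) {
  if (cookie.hostOnly) return host === cookie.domain;
  return host === cookie.domain || host.endsWith("." + cookie.domain);
}

// The cookie path must be a prefix of the request path, ending on a "/" boundary.
function pathMatches(cookiePath, reqPath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Store one Set-Cookie header received from `host`. A cookie with the same name,
// domain and path replaces the stored one. Simplification: default Path is "/".
function setCookie(jar, host, header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return false; // no cookie name
  const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1), domain: host,
              hostOnly: true, path: "/", expires: Infinity }; // Infinity = session cookie
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i < 0 ? a : a.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? "" : a.slice(i + 1).trim();
    if (key === "domain" && val) {
      c.domain = val.replace(/^\./, "").toLowerCase();
      c.hostOnly = false;
    } else if (key === "path" && val.startsWith("/")) {
      c.path = val;
    } else if (key === "expires" && !Number.isNaN(Date.parse(val))) {
      c.expires = Date.parse(val);
    }
  }
  if (!domainMatches(c, host)) return false; // a host cannot set cookies for unrelated domains
  jar.set([c.name, c.domain, c.path].join("|"), c);
  return true;
}

// Names of the cookies attached to a request for host + path at time `now` (ms).
function cookiesFor(jar, host, path, now) {
  return [...jar.values()]
    .filter((c) => c.expires > now && domainMatches(c, host) && pathMatches(c.path, path))
    .map((c) => c.name)
    .sort();
}
```

Use a `Map` as the jar. Because the stored cookie is keyed by name, domain and path, an expired overwrite only removes the original when all three are the same as when it was set.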