Session cookie attributes are not set properly in Jenkins

Mohtashim S

Sep 26, 2020, 12:48:26 AM
to Jenkins Users
It is observed that the Path cookie attribute is not set properly in Jenkins.

Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=; Path=/;...Max-Age=0; Secure; HttpOnly 

Problem Description:

Domain: Verify that the Domain attribute has not been set too loosely. It should only be set for the server that needs to receive the cookie. For example: if the application resides on the server app.mysite.com, then it should be set to "; domain=app.mysite.com" and not to "; domain=.mysite.com", as this would allow other potentially vulnerable servers to receive the cookie.

Path: Verify that the Path attribute has not been set too loosely. Even if the Domain attribute has been configured securely, if the path is set to the root directory "/" then it can be vulnerable to less secure applications on the same server. For example: if the application resides at /myapp/, then verify that the cookie's path is set to "; path=/myapp/" and not to "; path=/".

Can you please suggest?
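The scoping rule quoted above can be checked mechanically against real response headers. The following is an added example, not code from the post or from the Jenkins project: it parses a Set-Cookie header and flags a Domain broader than the serving host, a Path broader than the application's context path, and missing Secure/HttpOnly flags. The host ci.example.com, the context path /jenkins/ and the sample headers are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class CookieAudit:
    name: str
    attrs: dict = field(default_factory=dict)
    findings: list = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieAudit:
    """Split a Set-Cookie header into the cookie name and a lower-cased attribute map."""
    value = header.split(":", 1)[1] if header.lower().startswith("set-cookie:") else header
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")  # flag attributes (Secure, HttpOnly) have no value
        attrs[key.strip().lower()] = val.strip()
    return CookieAudit(name=name, attrs=attrs)


def audit_cookie(header: str, app_host: str, app_path: str) -> CookieAudit:
    """Report Domain/Path scoping looser than the application's own host and context path."""
    c = parse_set_cookie(header)
    # No Domain attribute means host-only, the tightest scope; an explicit Domain is
    # acceptable only when it names the serving host exactly (a leading dot widens it).
    domain = c.attrs.get("domain", "").lstrip(".").lower()
    if domain and domain != app_host.lower():
        c.findings.append(f"Domain={c.attrs['domain']} is broader than {app_host}")
    # A cookie path is a prefix match on the request path, so a cookie path that is a
    # proper prefix of the app path (for example "/" vs "/jenkins/") is readable by
    # every other application on the same origin.
    path = c.attrs.get("path", "/")
    cp, ap = path.rstrip("/"), app_path.rstrip("/")
    if ap and cp != ap and (cp == "" or ap.startswith(cp + "/")):
        c.findings.append(f"Path={path} is broader than {app_path}")
    for key, label in (("secure", "Secure"), ("httponly", "HttpOnly")):
        if key not in c.attrs:
            c.findings.append(f"{label} attribute missing")
    return c


# Constructed sample headers; cookie name taken from the post, values invented.
LOOSE = "Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=abc; Path=/; Domain=.example.com; Secure; HttpOnly"
TIGHT = "Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=abc; Path=/jenkins/; Secure; HttpOnly"

if __name__ == "__main__":
    for hdr in (LOOSE, TIGHT):
        result = audit_cookie(hdr, "ci.example.com", "/jenkins/")
        print(result.name, result.findings or "OK")
```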