diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index 4be651472ba..b1c0c8d276a 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -159,7 +159,8 @@ class Auth::DefaultCurrentUserProvider
  value: unhashed_auth_token,
  httponly: true,
  expires: SiteSetting.maximum_session_age.hours.from_now,
- secure: SiteSetting.force_https
+ secure: SiteSetting.force_https,
+ path: GlobalSetting.relative_url_root.nil? ? '/' : GlobalSetting.relative_url_root
  }
 
  if SiteSetting.same_site_cookies != "Disabled"
diff --git a/spec/components/auth/default_current_user_provider_spec.rb b/spec/components/auth/default_current_user_provider_spec.rb
index a80a1b4848c..8a196d97966 100644
--- a/spec/components/auth/default_current_user_provider_spec.rb
+++ b/spec/components/auth/default_current_user_provider_spec.rb
@@ -245,6 +245,18 @@ describe Auth::DefaultCurrentUserProvider do
  expect(cookies["_t"].key?(:same_site)).to eq(false)
  end
 
+ it "cookies includes path" do
+ user = Fabricate(:user)
+ cookies = {}
+ provider('/').log_on_user(user, {}, cookies)
+ expect(cookies["_t"][:path]).to eq("/")
+
+ GlobalSetting.stubs(:relative_url_root).returns('/forum')
+ cookies = {}
+ provider('/').log_on_user(user, {}, cookies)
+ expect(cookies["_t"][:path]).to eq("/forum")
+ end
+
  it "correctly expires session" do
  SiteSetting.maximum_session_age = 2
  user = Fabricate(:user)
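Review bot: The new `path:` attribute on the `_t` session cookie falls back to `/` only when `relative_url_root` is nil; if that global can be an empty string (as an unset environment value often is) the cookie is emitted with `path=`, which RFC 6265 treats as an absent attribute and replaces with the request URI's default path, so the session cookie would be scoped to the directory of whatever endpoint issued it rather than to the site. `path: GlobalSetting.relative_url_root.presence || '/'` covers both the nil and the empty case. Because browsers identify a cookie by name, domain and path, whatever code deletes `_t` on logout or re-issues it on token rotation must now pass the same path or the stale cookie survives; that code is not in this hunk and is worth checking. Narrowing the path is housekeeping rather than an isolation boundary, since same-origin script on any other path can still read the cookie, so it should not be relied on to protect the token. The enclosing method starts before and ends after this hunk.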