diff --git a/lib/base.php b/lib/base.php
index 76ad0654ed..dde994a7e5 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -323,6 +323,9 @@ class OC {
 // prevents javascript from accessing php session cookies
 ini_set('session.cookie_httponly', '1;');
+ // set the cookie path to the ownCloud directory
+ ini_set('session.cookie_path', OC::$WEBROOT);
+
 // set the session name to the instance id - which is unique
 session_name(OC_Util::getInstanceId());
@@ -354,7 +357,7 @@ class OC {
 // session timeout
 if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 60*60*24)) {
 if (isset($_COOKIE[session_name()])) {
- setcookie(session_name(), '', time() - 42000, '/');
+ setcookie(session_name(), '', time() - 42000, OC::$WEBROOT);
 }
 session_unset();
 session_destroy();
diff --git a/lib/user.php b/lib/user.php
index 33e2526817..b19af94079 100644
--- a/lib/user.php
+++ b/lib/user.php
@@ -633,9 +633,9 @@ class OC_User {
 public static function setMagicInCookie($username, $token) {
 $secure_cookie = OC_Config::getValue("forcessl", false);
 $expires = time() + OC_Config::getValue('remember_login_cookie_lifetime', 60*60*24*15);
- setcookie("oc_username", $username, $expires, '', '', $secure_cookie);
- setcookie("oc_token", $token, $expires, '', '', $secure_cookie, true);
- setcookie("oc_remember_login", true, $expires, '', '', $secure_cookie);
+ setcookie("oc_username", $username, $expires, OC::$WEBROOT, '', $secure_cookie);
+ setcookie("oc_token", $token, $expires, OC::$WEBROOT, '', $secure_cookie, true);
+ setcookie("oc_remember_login", true, $expires, OC::$WEBROOT, '', $secure_cookie);
 }
 /**
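Review bot: In the first lib/base.php hunk, `ini_set('session.cookie_path', OC::$WEBROOT);` passes the web root through unchecked, and the diff does not show what `OC::$WEBROOT` holds for an instance installed at the top of the host. If it can be an empty string there, the session cookie is sent without an explicit path and the browser falls back to the directory of the requesting URL, so different request paths can end up holding separate session cookies; `ini_set('session.cookie_path', OC::$WEBROOT ?: '/');` avoids that. The same fallback applies to the `setcookie()` calls in the second lib/base.php hunk and in `setMagicInCookie` in lib/user.php. The added comment could also say that the path only limits where the cookie is sent and is not an isolation boundary against other applications on the same origin. The enclosing method starts and ends outside the hunk.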
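Review bot: In the session-timeout hunk of lib/base.php, the expiry call `setcookie(session_name(), '', time() - 42000, OC::$WEBROOT);` only removes a cookie whose path matches exactly, so a session cookie issued with path `/` before this change stays in the browser after the timeout. It also leaves out the other attributes the session cookie was created with. Reading them back keeps creation and expiry in step: `$p = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`, optionally with one extra expiry for the legacy `/` path while upgraded instances still have old cookies. The enclosing method starts and ends outside the hunk.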
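Review bot: `setMagicInCookie` in lib/user.php now writes `oc_username`, `oc_token` and `oc_remember_login` with an explicit path, but this diff shows no matching change to whatever code clears them, which lies outside the hunk. A deletion that does not pass the same path may leave the remember-login token in the browser after logout, so the clearing calls should be checked and given the same path value. Separately, only `oc_token` sets the HttpOnly argument, and the Secure flag follows `forcessl`, which defaults to `false` here. A short docblock on the method should record that the token can travel over plain HTTP unless `forcessl` is enabled, and whether `oc_username` is deliberately left readable by scripts.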