In order to ensure security the cookies (from each application) should not be scoped just at the domain level but rather scoped to an application level within a domain. How do I do this? Do I need to check with my container if it offers anything on this? Thoughts..? How did others here deal when they had secure and insecure parts of application using cookies?