diff --git a/internal/auth/delivery/http/auth_http.go b/internal/auth/delivery/http/auth_http.go
index 5173a02..11a996b 100644
--- a/internal/auth/delivery/http/auth_http.go
+++ b/internal/auth/delivery/http/auth_http.go
@@ -141,7 +141,7 @@ func (h *RequestHandler) Register(r *router.Router) {
 ContextKey: "csrf",
 CookieDomain: h.config.Server.Domain,
 CookieName: "__Secure-csrf",
- CookiePath: "",
+ CookiePath: "/authorize",
 TokenLookup: "param:_csrf",
 TokenLength: 0,
 CookieSecure: true,
@@ -239,7 +239,6 @@ func (h *RequestHandler) handleAuthorize(ctx *http.RequestCtx) {
 func (h *RequestHandler) handleVerify(ctx *http.RequestCtx) {
 ctx.Response.Header.Set(http.HeaderAccessControlAllowOrigin, h.config.Server.Domain)
 ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)
- ctx.Request.Header.DelCookie("__Secure-csrf")
 encoder := json.NewEncoder(ctx)
diff --git a/internal/ticket/delivery/http/ticket_http.go b/internal/ticket/delivery/http/ticket_http.go
index 68c7aa6..83350b0 100644
--- a/internal/ticket/delivery/http/ticket_http.go
+++ b/internal/ticket/delivery/http/ticket_http.go
@@ -70,7 +70,7 @@ func (h *RequestHandler) Register(r *router.Router) {
 ContextKey: "csrf",
 CookieDomain: h.config.Server.Domain,
 CookieName: "__Secure-csrf",
- CookiePath: "",
+ CookiePath: "/ticket",
 TokenLookup: "form:_csrf",
 TokenLength: 0,
 CookieSecure: true,
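Review bot: The new `CookiePath: "/authorize"` is only correct if every request this CSRF middleware validates is routed under that exact prefix, because a browser sends a path-scoped cookie only to URLs whose path starts with it; a form that posts elsewhere would never carry the token and every submission would fail validation, and since the route registrations in Register are outside the hunk the prefix should be checked against them. The same applies to `CookiePath: "/ticket"` in the ticket_http.go hunk. Both fields deserve a comment stating the intent, e.g. `// path-scoped so this cookie is not sent to, or overwritten by, the other middleware that issues a cookie of the same name`, since both handlers use `__Secure-csrf` and the path is now the only thing keeping them apart. A `__Host-` prefix cannot replace the path scoping here because the cookie carries an explicit Domain and a non-root Path. The two configs also differ in TokenLookup (`param:_csrf` vs `form:_csrf`), which is pre-existing but worth confirming is deliberate.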
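Review bot: Removing `ctx.Request.Header.DelCookie("__Secure-csrf")` drops a line that only edited the inbound request header and never instructed the browser to discard the token, so nothing now invalidates the CSRF cookie after verification if that was the intent; if instead the line became dead because handleVerify is not served under `/authorize` (so the browser no longer sends the cookie after the Register change), a one-line comment at the removal site saying so would save the next reader the same question. Note that fasthttp's `DelClientCookie` would not work as a replacement either, since the cookie was issued with an explicit Domain and Path; the expiry has to be written with the same name, Domain and Path, as below. The body of handleVerify continues past the hunk.

```go
func (h *RequestHandler) handleVerify(ctx *http.RequestCtx) {
	// … unchanged: CORS header and content type …
	// Expire the CSRF token cookie client-side. Domain and Path must match
	// the values it was issued with in Register, or the browser keeps the original.
	c := http.AcquireCookie()
	c.SetKey("__Secure-csrf")
	c.SetDomain(h.config.Server.Domain)
	c.SetPath("/authorize")
	c.SetSecure(true)
	c.SetExpire(http.CookieExpireDelete)
	ctx.Response.Header.SetCookie(c)
	http.ReleaseCookie(c)
	// … unchanged: JSON encoder and response body …
```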