diff --git a/src/Microsoft.AspNetCore.Antiforgery/AntiforgeryOptions.cs b/src/Microsoft.AspNetCore.Antiforgery/AntiforgeryOptions.cs
index 98f4968c1e..b8c6e4b816 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/AntiforgeryOptions.cs
+++ b/src/Microsoft.AspNetCore.Antiforgery/AntiforgeryOptions.cs
@@ -47,8 +47,9 @@ namespace Microsoft.AspNetCore.Antiforgery
 }
 ///
- /// The path set on the cookie. If it's null, the "path" attribute on the cookie is set to current
- /// request's value.
+ /// The path set on the cookie. If set to null, the "path" attribute on the cookie is set to the current
+ /// request's value. If the value of is
+ /// null or empty, then the "path" attribute is set to the value of .
 ///
 public PathString? CookiePath { get; set; }
diff --git a/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgeryTokenStore.cs b/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgeryTokenStore.cs
index ada7752396..0a78eddb41 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgeryTokenStore.cs
+++ b/src/Microsoft.AspNetCore.Antiforgery/Internal/DefaultAntiforgeryTokenStore.cs
@@ -71,7 +71,6 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
 var options = new CookieOptions();
 options.HttpOnly = true;
- options.Path = _options.CookiePath ?? GetPathBase(httpContext);
 options.Domain = _options.CookieDomain;
 // Note: don't use "newCookie.Secure = _options.RequireSSL;" since the default
 // value of newCookie.Secure is populated out of band.
@@ -79,18 +78,25 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
 {
 options.Secure = true;
 }
+ SetCookiePath(httpContext, options);
 httpContext.Response.Cookies.Append(_options.CookieName, token, options);
 }
- private string GetPathBase(HttpContext httpContext)
+ private void SetCookiePath(HttpContext httpContext, CookieOptions cookieOptions)
 {
- var pathBase = httpContext.Request.PathBase.ToString();
- if (string.IsNullOrEmpty(pathBase))
+ if (_options.CookiePath != null)
 {
- pathBase = "/";
+ cookieOptions.Path = _options.CookiePath.ToString();
+ }
+ else
+ {
+ var pathBase = httpContext.Request.PathBase.ToString();
+ if (!string.IsNullOrEmpty(pathBase))
+ {
+ cookieOptions.Path = pathBase;
+ }
 }
- return pathBase;
 }
 }
 }
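Review bot: The `if (_options.CookiePath != null)` branch applies no emptiness check while the PathBase branch does, so a non-null but empty `PathString` (the struct's default value, which a `PathString?` property accepts) is written through as `cookieOptions.Path = ""` via `ToString()` instead of falling back to the request PathBase or the CookieOptions default, which is not what the accompanying AntiforgeryOptions summary describes. Using the PathString's own check, `if (_options.CookiePath?.HasValue == true)`, would make the two branches symmetric. Separately, the removed `options.Path = _options.CookiePath ?? GetPathBase(httpContext);` in the earlier hunk of this file carried an explicit `"/"` fallback, whereas the new code leaves `cookieOptions.Path` untouched when PathBase is empty and so depends on the `CookieOptions` constructor default; if that is intended, a one-line comment in the empty-PathBase case such as `// Empty PathBase: keep the CookieOptions default path.` would make the reliance visible to the next reader. The method that builds `options` begins outside this hunk.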