diff --git a/CHANGELOG.md b/CHANGELOG.md
index f16d3b1f..7d17c612 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -58,6 +58,7 @@
 - Refactor: Move `BindXXX` and `XXXResp` methods to `context.Context`. [4718](https://github.com/beego/beego/pull/4718)
 - Fix 4728: Print wrong file name. [4737](https://github.com/beego/beego/pull/4737)
 - fix bug:reflect.ValueOf(nil) in getFlatParams [4715](https://github.com/beego/beego/pull/4715)
+- Fix 4736: set a fixed value "/" to the "Path" of "_xsrf" cookie. [4736](https://github.com/beego/beego/issues/4735)
 
 ## Fix Sonar
 
diff --git a/server/web/context/context.go b/server/web/context/context.go
index f55112c8..42cc4035 100644
--- a/server/web/context/context.go
+++ b/server/web/context/context.go
@@ -270,7 +270,7 @@ func (ctx *Context) XSRFToken(key string, expire int64) string {
 		if !ok {
 			token = string(utils.RandomCreateBytes(32))
 			// TODO make it configurable
-			ctx.SetSecureCookie(key, "_xsrf", token, expire, "", "")
+			ctx.SetSecureCookie(key, "_xsrf", token, expire, "/", "")
 		}
 		ctx._xsrfToken = token
 	}