diff --git a/src/Umbraco.Web/Mvc/ValidateMvcAngularAntiForgeryTokenAttribute.cs b/src/Umbraco.Web/Mvc/ValidateMvcAngularAntiForgeryTokenAttribute.cs
index 756ca7f05c..0803941a70 100644
--- a/src/Umbraco.Web/Mvc/ValidateMvcAngularAntiForgeryTokenAttribute.cs
+++ b/src/Umbraco.Web/Mvc/ValidateMvcAngularAntiForgeryTokenAttribute.cs
@@ -22,7 +22,7 @@ namespace Umbraco.Web.Mvc
             var userIdentity = filterContext.HttpContext.User.Identity as ClaimsIdentity;
             if (userIdentity != null)
             {
-                //if there is not CookiePath claim, then exist
+                //if there is not CookiePath claim, then exit
                 if (userIdentity.HasClaim(x => x.Type == ClaimTypes.CookiePath) == false)
                 {
                     base.OnActionExecuting(filterContext);
diff --git a/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs b/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs
index e7aef4be03..ed6abb3fbe 100644
--- a/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs
+++ b/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs
@@ -41,6 +41,9 @@ namespace Umbraco.Web.Security
                     : Guid.NewGuid();
 
                 backOfficeIdentity.SessionId = session.ToString();
+
+                //since it is a cookie-based authentication add that claim
+                backOfficeIdentity.AddClaim(new Claim(ClaimTypes.CookiePath, "/", ClaimValueTypes.String, UmbracoBackOfficeIdentity.Issuer, UmbracoBackOfficeIdentity.Issuer, backOfficeIdentity));
             }
 
             base.ResponseSignIn(context);
diff --git a/src/Umbraco.Web/WebApi/Filters/ValidateAngularAntiForgeryTokenAttribute.cs b/src/Umbraco.Web/WebApi/Filters/ValidateAngularAntiForgeryTokenAttribute.cs
index 0abdfb5d2f..f147a2a4cb 100644
--- a/src/Umbraco.Web/WebApi/Filters/ValidateAngularAntiForgeryTokenAttribute.cs
+++ b/src/Umbraco.Web/WebApi/Filters/ValidateAngularAntiForgeryTokenAttribute.cs
@@ -21,7 +21,7 @@ namespace Umbraco.Web.WebApi.Filters
             var userIdentity = ((ApiController) actionContext.ControllerContext.Controller).User.Identity as ClaimsIdentity;
             if (userIdentity != null)
             {
-                //if there is not CookiePath claim, then exist
+                //if there is not CookiePath claim, then exit
                 if (userIdentity.HasClaim(x => x.Type == ClaimTypes.CookiePath) == false)
                 {
                     base.OnActionExecuting(actionContext);