diff --git a/cps/__init__.py b/cps/__init__.py index c4150942..890d5867 100644 --- a/cps/__init__.py +++ b/cps/__init__.py @@ -25,7 +25,8 @@ import sys import os import mimetypes -from flask import Flask +from flask import Flask, request +from flask.sessions import SecureCookieSessionInterface from .MyLoginManager import MyLoginManager from flask_principal import Principal @@ -114,8 +115,14 @@ if limiter_present: else: limiter = None +class ScriptNameSessionInterface(SecureCookieSessionInterface): + def get_cookie_path(self, app): + # Called once per response, after request context exists + return app.wsgi_app.script_name.rstrip("/") or "/" + def create_app(): + app.session_interface = ScriptNameSessionInterface() if csrf: csrf.init_app(app) diff --git a/cps/cw_login/login_manager.py b/cps/cw_login/login_manager.py index a3714af6..268b9285 100644 --- a/cps/cw_login/login_manager.py +++ b/cps/cw_login/login_manager.py @@ -7,7 +7,6 @@ from flask import abort from flask import current_app from flask import flash from flask import g -from flask import has_app_context from flask import redirect from flask import request from flask import session @@ -469,7 +468,7 @@ class LoginManager: config = current_app.config cookie_name = config.get("REMEMBER_COOKIE_NAME", COOKIE_NAME) domain = config.get("REMEMBER_COOKIE_DOMAIN") - path = config.get("REMEMBER_COOKIE_PATH", "/") + path = config.get("REMEMBER_COOKIE_PATH", current_app.wsgi_app.script_name) secure = config.get("REMEMBER_COOKIE_SECURE", COOKIE_SECURE) httponly = config.get("REMEMBER_COOKIE_HTTPONLY", COOKIE_HTTPONLY) 
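Review bot: `ScriptNameSessionInterface.get_cookie_path` (cps/__init__.py, second hunk) takes the cookie path from `app.wsgi_app.script_name`, an attribute that the cps/reverseproxy.py hunk rewrites on the one shared middleware object at the start of every request, so on a threaded or otherwise concurrent server a response can be given the prefix of a different in-flight request. The per-request value is already available, and `request` is imported by this commit without being used in the visible hunks: `return request.script_root.rstrip("/") or "/"`. That also removes the dependency on `app.wsgi_app` being the `ReverseProxied` instance, which would raise `AttributeError` if another middleware wraps it. The same shared attribute is read by both `REMEMBER_COOKIE_PATH` defaults in cps/cw_login/login_manager.py. The class would also benefit from a docstring saying that it scopes the session cookie to the reverse-proxy prefix.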
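Review bot: The new `REMEMBER_COOKIE_PATH` default in cps/cw_login/login_manager.py (hunk at -469, and again in the cookie-clearing hunk at -520) uses `current_app.wsgi_app.script_name` exactly as received, while the session cookie path in cps/__init__.py applies `.rstrip("/") or "/"`. A prefix sent with a trailing slash therefore gives the remember-me cookie a narrower path than the session cookie, and the two are no longer sent on the same set of URLs. Normalising both the same way keeps them aligned, for example `path = config.get("REMEMBER_COOKIE_PATH", request.script_root.rstrip("/") or "/")`; `request` is already imported in this module. Both enclosing methods start and end outside their hunks.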
@@ -520,36 +519,5 @@ class LoginManager:
 config = current_app.config
 cookie_name = config.get("REMEMBER_COOKIE_NAME", COOKIE_NAME)
 domain = config.get("REMEMBER_COOKIE_DOMAIN")
- path = config.get("REMEMBER_COOKIE_PATH", "/")
+ path = config.get("REMEMBER_COOKIE_PATH", current_app.wsgi_app.script_name)
 response.delete_cookie(cookie_name, domain=domain, path=path)
-
- @property
- def _login_disabled(self):
- """Legacy property, use app.config['LOGIN_DISABLED'] instead."""
- import warnings
-
- warnings.warn(
- "'_login_disabled' is deprecated and will be removed in"
- " Flask-Login 0.7. Use 'LOGIN_DISABLED' in 'app.config'"
- " instead.",
- DeprecationWarning,
- stacklevel=2,
- )
-
- if has_app_context():
- return current_app.config.get("LOGIN_DISABLED", False)
- return False
-
- @_login_disabled.setter
- def _login_disabled(self, newvalue):
- """Legacy property setter, use app.config['LOGIN_DISABLED'] instead."""
- import warnings
-
- warnings.warn(
- "'_login_disabled' is deprecated and will be removed in"
- " Flask-Login 0.7. Use 'LOGIN_DISABLED' in 'app.config'"
- " instead.",
- DeprecationWarning,
- stacklevel=2,
- )
- current_app.config["LOGIN_DISABLED"] = newvalue
diff --git a/cps/reverseproxy.py b/cps/reverseproxy.py
index 887590bf..1c98c5d1 100644
--- a/cps/reverseproxy.py
+++ b/cps/reverseproxy.py
@@ -61,11 +61,13 @@ class ReverseProxied(object):
 def __call__(self, environ, start_response):
 self.proxied = False
+ self.script_name = "/"
 script_name = environ.get('HTTP_X_SCRIPT_NAME', '')
 if script_name:
 self.proxied = True
 environ['SCRIPT_NAME'] = script_name
 path_info = environ.get('PATH_INFO', '')
+ self.script_name = script_name
 if path_info and path_info.startswith(script_name):
 environ['PATH_INFO'] = path_info[len(script_name):]
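Review bot: In the cookie-clearing hunk of cps/cw_login/login_manager.py (-520), `delete_cookie` now targets only the script-name path, so a remember-me cookie issued before this change with `Path=/` is not removed on logout in a sub-path deployment; the browser keeps sending it and the user may be signed back in. Clearing the legacy path as well during a transition period closes that gap: after the existing call add `if path != "/": response.delete_cookie(cookie_name, domain=domain, path="/")`. The removal of `_login_disabled` in the same hunk is safe only if nothing else still reads or sets that attribute, which cannot be checked from this page. The enclosing method starts outside the hunk.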
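Review bot: `self.script_name = script_name` in cps/reverseproxy.py stores the `X-Script-Name` request header unvalidated, and with this commit that value becomes the `Path` attribute of the session and remember-me cookies. If the front proxy does not overwrite the header, any client can choose it, so the prefix should at least be checked for shape before it is used, for example `if not script_name.startswith("/"): script_name = ""` directly after the `environ.get('HTTP_X_SCRIPT_NAME', '')` line. A short comment on `__call__` stating that the header is only trustworthy behind a proxy that sets or strips it would document the deployment assumption. `__call__` continues past the end of the hunk and `__init__` is not visible, so whether `script_name` exists on the object before the first request cannot be confirmed here.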