How to set the scope of the cookie at the context root level

It depends on the domain of the cookies and the applications. Cookies have both a domain and a path attribute and you can set these in the F5 to enable them to be used separately.

For instance, imagine if you have app1.example.com, app2.example.com and app3.example.com. If app1 sets a cookie called ExampleCookie with a domain of *.example.com then app2.example.com can access and change that cookie. To keep these separate you want to have the domain as app1.example.com only.

The same deal with the path - there could be apps in /app1, /app2 and /app3 but the cookie is set with a path of /. In which case all apps can access and change the cookie.

You can use the HTTP::cookie iRule commands to log the actual domains and paths in use to determine the issue and then create an iRule to set them appropriately. You may also want to set the secure and httponly flags if they are not set.