diff --git a/types/config.go b/types/config.go
index 621777d68e..ceef75ce4b 100644
--- a/types/config.go
+++ b/types/config.go
@@ -137,14 +137,15 @@ type Config struct {
 Plankton string `yaml:"plankton" envconfig:"FRONTEND_STRIPE_PLANKTON"`
 Webhook string `yaml:"webhook" envconfig:"FRONTEND_STRIPE_WEBHOOK"`
 }
- RatelimitUpdateInterval time.Duration `yaml:"ratelimitUpdateInterval" envconfig:"FRONTEND_RATELIMIT_UPDATE_INTERVAL"`
- SessionSecret string `yaml:"sessionSecret" envconfig:"FRONTEND_SESSION_SECRET"`
- SessionCookieDomain string `yaml:"sessionCookieDomain" envconfig:"FRONTEND_SESSION_COOKIE_DOMAIN"`
- JwtSigningSecret string `yaml:"jwtSigningSecret" envconfig:"FRONTEND_JWT_SECRET"`
- JwtIssuer string `yaml:"jwtIssuer" envconfig:"FRONTEND_JWT_ISSUER"`
- JwtValidityInMinutes int `yaml:"jwtValidityInMinutes" envconfig:"FRONTEND_JWT_VALIDITY_INMINUTES"`
- MaxMailsPerEmailPerDay int `yaml:"maxMailsPerEmailPerDay" envconfig:"FRONTEND_MAX_MAIL_PER_EMAIL_PER_DAY"`
- Mail struct {
+ RatelimitUpdateInterval time.Duration `yaml:"ratelimitUpdateInterval" envconfig:"FRONTEND_RATELIMIT_UPDATE_INTERVAL"`
+ SessionSecret string `yaml:"sessionSecret" envconfig:"FRONTEND_SESSION_SECRET"`
+ SessionCookieDomain string `yaml:"sessionCookieDomain" envconfig:"FRONTEND_SESSION_COOKIE_DOMAIN"`
+ SessionCookieDeriveDomainFromRequest bool `yaml:"sessionCookieDeriveDomainFromRequest" envconfig:"FRONTEND_SESSION_COOKIE_DERIVE_DOMAIN_FROM_REQUEST"`
+ JwtSigningSecret string `yaml:"jwtSigningSecret" envconfig:"FRONTEND_JWT_SECRET"`
+ JwtIssuer string `yaml:"jwtIssuer" envconfig:"FRONTEND_JWT_ISSUER"`
+ JwtValidityInMinutes int `yaml:"jwtValidityInMinutes" envconfig:"FRONTEND_JWT_VALIDITY_INMINUTES"`
+ MaxMailsPerEmailPerDay int `yaml:"maxMailsPerEmailPerDay" envconfig:"FRONTEND_MAX_MAIL_PER_EMAIL_PER_DAY"`
+ Mail struct {
 SMTP struct {
 Server string `yaml:"server" envconfig:"FRONTEND_MAIL_SMTP_SERVER"`
 Host string `yaml:"host" envconfig:"FRONTEND_MAIL_SMTP_HOST"`
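Review bot: The new `SessionCookieDeriveDomainFromRequest` field carries no doc comment, and since its effect is to override the neighbouring `SessionCookieDomain` at request time (see utils/session.go in this same commit), a reader of the config type cannot tell from the struct alone that the two interact. Suggest `// SessionCookieDeriveDomainFromRequest, when true, replaces SessionCookieDomain with the registrable domain (eTLD+1) of each request's Host, which makes the session cookie readable by every subdomain of that domain.` The Config struct starts and ends outside the hunk.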
diff --git a/utils/session.go b/utils/session.go
index b8c9837696..108cca2071 100644
--- a/utils/session.go
+++ b/utils/session.go
@@ -8,6 +8,7 @@ import (
 "github.com/alexedwards/scs/redisstore"
 "github.com/gobitfly/scs/v2"
 "github.com/gomodule/redigo/redis"
+ "golang.org/x/net/publicsuffix"
 )
 
 // SessionStore is a securecookie-based session-store.
@@ -101,8 +102,16 @@ func InitSessionStore(secret string) {
 sessionManager.Cookie.Secure = true
 sessionManager.Cookie.Domain = Config.Frontend.SessionCookieDomain
 
- sessionManager.CookieFunc = func(r *http.Request, c *http.Cookie) {
- // r.URL.
+ if Config.Frontend.SessionCookieDeriveDomainFromRequest {
+ logger.Infof("deriving cookie.domain from request")
+ sessionManager.CookieFunc = func(r *http.Request, c *http.Cookie) {
+ domainname, err := publicsuffix.EffectiveTLDPlusOne(r.Host)
+ if err != nil {
+ logger.Warnf("error deriving domain from request (host: %v): %v", r.Host, err)
+ return
+ }
+ c.Domain = "." + domainname
+ }
 }
 
 sessionManager.Store = redisstore.New(pool)
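Review bot: `publicsuffix.EffectiveTLDPlusOne(r.Host)` in the second hunk is handed the raw Host header, which may still carry a port (`example.com:8080`); presumably no public-suffix rule matches a label ending in `:8080`, so the lookup returns `example.com:8080` and `c.Domain` becomes `.example.com:8080`, a value that is either dropped by the cookie serializer as invalid or rejected by the browser as not domain-matching the request host, so the intended scoping is silently lost on non-default ports. Strip the port with `net.SplitHostPort` before the lookup (`net` would need adding to the import hunk above), as in the excerpt below. Two caveats deserve a comment at the `if Config.Frontend.SessionCookieDeriveDomainFromRequest` line: the derived value is the registrable domain, so the session cookie becomes readable by every subdomain of it, which is wider than a specific `SessionCookieDomain`; and Host is client-supplied, so this mode relies on the front proxy forwarding only the expected hostnames. The error path returns with `c.Domain` still at the configured `SessionCookieDomain`, which looks like the intended fallback but is worth stating in the Warnf. InitSessionStore continues outside the hunk.

```go
sessionManager.CookieFunc = func(r *http.Request, c *http.Cookie) {
	// Host may carry a port; the public-suffix lookup needs the bare hostname.
	host := r.Host
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	domainname, err := publicsuffix.EffectiveTLDPlusOne(host)
	if err != nil {
		// Fall back to the configured SessionCookieDomain already set on c.
		logger.Warnf("error deriving domain from request (host: %v): %v", r.Host, err)
		return
	}
	c.Domain = "." + domainname
}
```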