diff --git a/config/application.rb b/config/application.rb
index c835223d4e..8d7efdcdc1 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -39,7 +39,7 @@ module Openfoodnetwork
       SessionCookieUpgrader, {
         old_key: "_session_id",
         new_key: "_ofn_session_id",
-        domain: "." + ENV["SITE_URL"].delete_prefix("www.")
+        domain: ".#{ENV['SITE_URL'].gsub(/^(www\.)|^(app\.)|^(staging\.)|^(stg\.)/, '')}"
       }
     ) if Rails.env.staging? || Rails.env.production?
 
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index f5e1ed786f..799c1d3986 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -3,9 +3,15 @@
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information
 # (create the session table with "rails generate session_migration")
+
+domain = if Rails.env.staging? || Rails.env.production?
+           ".#{ENV['SITE_URL'].gsub(/^(www\.)|^(app\.)|^(staging\.)|^(stg\.)/, '')}"
+         else
+           :all
+         end
+
 Openfoodnetwork::Application.config.session_store(
   :active_record_store,
   key: "_ofn_session_id",
-  domain: :all,
-  tld_length: 2
+  domain: domain
 )