diff --git a/app/modules/auth/session.server.ts b/app/modules/auth/session.server.ts
index 9a22c4741..1bd1b715a 100644
--- a/app/modules/auth/session.server.ts
+++ b/app/modules/auth/session.server.ts
@@ -8,8 +8,11 @@ if (process.env.NODE_ENV === "production") {
 }
 export const authSessionStorage = createCookieSessionStorage({
 cookie: {
+ // xxx: if domain trick works this needs renaming to force people to log back in
 name: "_session",
 sameSite: "lax",
+ // need to specify domain so that sub-domains can access it
+ domain: process.env.NODE_ENV === "production" ? "sendou.ink" : undefined,
 path: "/",
 httpOnly: true,
 secrets: [process.env["SESSION_SECRET"] ?? "secret"],
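Review bot: The added `domain` line turns `_session` from a host-only cookie into one that every `*.sendou.ink` host receives and can also overwrite, so the session becomes only as trustworthy as the least trusted subdomain. The comment above it should record that, e.g. `// domain-scoped: sent to and settable by every *.sendou.ink host, so only first-party apps may live on subdomains`. The `xxx` note is better resolved in this change than later: a browser still holding the old host-only `_session` will send both cookies under one name, and the server may keep reading the stale one. The cookie object continues past the end of the hunk, so whether `secure` is set is not visible here; if it is not, it should be enabled in production now that the cookie is shared across hosts.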