diff --git a/rsconcept/backend/.env.prod b/rsconcept/backend/.env.prod
index 7ef3b67a..90cedabd 100644
--- a/rsconcept/backend/.env.prod
+++ b/rsconcept/backend/.env.prod
@@ -4,7 +4,7 @@ ALLOWED_HOSTS=portal.acconcept.ru;api.portal.acconcept.ru
 CSRF_TRUSTED_ORIGINS=https://portal.acconcept.ru;https://api.portal.acconcept.ru
 CORS_ALLOWED_ORIGINS=https://portal.acconcept.ru
-CSRF_COOKIE_DOMAIN=.acconcept.ru
+CSRF_COOKIE_DOMAIN=.portal.acconcept.ru
 # File locations
diff --git a/rsconcept/backend/project/settings.py b/rsconcept/backend/project/settings.py
index 5bd895fb..f6ee3343 100644
--- a/rsconcept/backend/project/settings.py
+++ b/rsconcept/backend/project/settings.py
@@ -68,7 +68,12 @@ REST_FRAMEWORK = {
 CORS_ALLOW_CREDENTIALS = True
 CORS_ALLOWED_ORIGINS = os.environ.get('CORS_ALLOWED_ORIGINS', 'http://localhost:3000').split(';')
 CSRF_TRUSTED_ORIGINS = os.environ.get('CSRF_TRUSTED_ORIGINS', 'http://localhost:3000').split(';')
-CSRF_COOKIE_DOMAIN = os.environ.get('CSRF_COOKIE_DOMAIN', 'localhost').split(';')
+
+_domain = os.environ.get('CSRF_COOKIE_DOMAIN', '')
+if _domain != '':
+ CSRF_COOKIE_DOMAIN = _domain
+ SESSION_COOKIE_DOMAIN = _domain
+ # CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'
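Review bot: The added `SESSION_COOKIE_DOMAIN = _domain` line in settings.py takes the session cookie's scope from the `CSRF_COOKIE_DOMAIN` environment variable, so the production value `.portal.acconcept.ru` set in the .env.prod hunk also decides which hosts receive the session cookie. Assuming the setting was previously unset, the session cookie goes from host-only to every host under that domain. If sharing the login between the portal and API hosts is intended, say so in a comment such as `# Session cookie deliberately shares CSRF_COOKIE_DOMAIN so the portal and API hosts see the same login`; otherwise read a separate variable, e.g. `SESSION_COOKIE_DOMAIN = os.environ.get('SESSION_COOKIE_DOMAIN', _domain)`. `SESSION_COOKIE_SECURE` and `CSRF_COOKIE_SECURE` are not visible in this hunk, so confirm they are enabled for production elsewhere in the file. As a style point, `if _domain != '':` can be written `if _domain:`.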