diff --git a/providers/session/session.go b/providers/session/session.go
index 00bc212..968aa16 100644
--- a/providers/session/session.go
+++ b/providers/session/session.go
@@ -10,8 +10,13 @@ import "git.tebibyte.media/sashakoshka/go-util/sync"
 import "git.tebibyte.media/sashakoshka/go-util/container"
 import shttp "git.tebibyte.media/sashakoshka/step/http"
-const sessionIDCookieName = "step-session-id"
+// https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie
+// __Host- prefix: Cookies with names starting with __Host- are sent only to the
+// host subdomain or domain that set them, and not to any other host. They must
+// be set with the secure flag must be from a secure page (HTTPS), must not have
+// a domain specified, and the path must be /
 const secureSessionIDCookieName = "__Host-step-session-id"
+const sessionIDCookieName = "step-session-id"
 const defaultLifetime = 48 * time.Hour
 var _ step.FuncProviderFor = new(Provider)
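Review bot: The added comment sits directly above `secureSessionIDCookieName` and so becomes its doc comment, but it opens with a URL and a pasted MDN passage instead of saying what the constant is, and the pasted sentence has lost a comma ("set with the secure flag must be from a secure page"). I would lead with `// secureSessionIDCookieName carries the __Host- prefix, so browsers accept it only with Secure, Path=/ and no Domain attribute.` and keep the MDN link as a trailing reference line. The reordered `sessionIDCookieName` now has no comment at all; a line such as `// sessionIDCookieName is the unprefixed name, which gets none of the __Host- guarantees.` would say why both names exist. The code that chooses between the two names and sets the cookie attributes is outside this hunk, so whether the prefixed name is always paired with Secure and Path=/ cannot be confirmed from here.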