diff --git a/docs/docs/debug/csrf.mdx b/docs/docs/debug/csrf.mdx index 8533956ad4d1..cff50b8efa9e 100644 --- a/docs/docs/debug/csrf.mdx +++ b/docs/docs/debug/csrf.mdx @@ -86,6 +86,9 @@ do in the Quickstart guide. We do not recommend running them on separate subdomains, e.g. `https://kratos.my-website/` and `https://secureapp.my-website/`). +To allow cookies to work across subdomains, make sure to set the domain name +in the Kratos config file under [`session.cookie.domain`](https://www.ory.sh/kratos/docs/next/guides/configuring-cookies/#session-cookies). + Running the apps on different TLDs will not work at all, e.g. e.g. `https://kratos-my-website/` and `https://secureapp-my-website/`.
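Review bot: the added paragraph in the `@@ -86,6 +86,9 @@` hunk of `docs/docs/debug/csrf.mdx` names only `session.cookie.domain`, but this page is the CSRF debugging guide, so it should state whether that setting also governs the anti-CSRF cookie or only the session cookie. The sentence also says "set the domain name" without saying which value to use. Spell out that it is the parent domain shared by the two example hosts (`kratos.my-website` and `secureapp.my-website`), and note that a cookie scoped this way is sent to every subdomain of that parent, which ties the new text back to the preceding "We do not recommend" sentence instead of appearing to contradict it. The link targets the absolute `/docs/next/` URL, so it will keep pointing at the unreleased docs from every versioned copy of this page. A link relative to the docs tree would track the version being read.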