diff --git a/.env b/.env
index 372bfd7baa..60c2fffa07 100644
--- a/.env
+++ b/.env
@@ -4,6 +4,7 @@ _APP_WORKER_PER_CORE=6
 _APP_CONSOLE_WHITELIST_ROOT=disabled
 _APP_CONSOLE_WHITELIST_EMAILS=
 _APP_CONSOLE_WHITELIST_IPS=
+_APP_CONSOLE_ROOT_SESSION=disabled
 _APP_SYSTEM_EMAIL_NAME=Appwrite
 _APP_SYSTEM_EMAIL_ADDRESS=team@appwrite.io
 _APP_SYSTEM_SECURITY_EMAIL_ADDRESS=security@appwrite.io
diff --git a/Dockerfile b/Dockerfile
index 1a55209208..27323b6dba 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -51,6 +51,7 @@ ENV _APP_SERVER=swoole \
 _APP_CONSOLE_WHITELIST_ROOT=enabled \
 _APP_CONSOLE_WHITELIST_EMAILS= \
 _APP_CONSOLE_WHITELIST_IPS= \
+ _APP_CONSOLE_ROOT_SESSION= \
 _APP_SYSTEM_EMAIL_NAME= \
 _APP_SYSTEM_EMAIL_ADDRESS= \
 _APP_SYSTEM_RESPONSE_FORMAT= \
diff --git a/app/config/variables.php b/app/config/variables.php
index 3d967eb828..3160fbf5c2 100644
--- a/app/config/variables.php
+++ b/app/config/variables.php
@@ -105,6 +105,15 @@ return [
 'question' => '',
 'filter' => ''
 ],
+ [
+ 'name' => '_APP_CONSOLE_ROOT_SESSION',
+ 'description' => 'Domain policy for the Appwrite console session cookie. By default, set to \'disabled\', meaning the session cookie will be set to the domain of the Appwrite console (e.g. cloud.appwrite.io). When set to \'enabled\', the session cookie will be set to the registerable domain of the Appwrite server (e.g. appwrite.io).',
+ 'introduction' => '',
+ 'default' => 'disabled',
+ 'required' => false,
+ 'question' => '',
+ 'filter' => ''
+ ],
 [
 'name' => '_APP_SYSTEM_EMAIL_NAME',
 'description' => 'This is the sender name value that will appear on email messages sent to developers from the Appwrite console. The default value is: \'Appwrite\'. You can use url encoded strings for spaces and special chars.',
diff --git a/app/controllers/general.php b/app/controllers/general.php
index f3ae607db8..fda8929fa6 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@@ -175,13 +175,21 @@ App::init()
 $endDomain->getRegisterable() !== ''
 );
- Config::setParam('cookieDomain', (
- $request->getHostname() === 'localhost' ||
- $request->getHostname() === 'localhost:' . $request->getPort() ||
- (\filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false)
- )
- ? null
- : '.' . $request->getHostname());
+ $isLocalHost = $request->getHostname() === 'localhost' || $request->getHostname() === 'localhost:' . $request->getPort();
+ $isIpAddress = filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false;
+
+ $isConsoleProject = $project->getAttribute('$id', '') === 'console';
+ $isConsoleRootSession = App::getEnv('_APP_CONSOLE_ROOT_SESSION', 'disabled') === 'enabled';
+
+ Config::setParam(
+ 'cookieDomain',
+ $isLocalHost || $isIpAddress
+ ? null
+ : ($isConsoleProject && $isConsoleRootSession
+ ? '.' . $selfDomain->getRegisterable()
+ : '.' . $request->getHostname()
+ )
+ );
 /*
 * Response format
diff --git a/docker-compose.yml b/docker-compose.yml
index ecb10b9eea..560c42ae38 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -100,6 +100,7 @@ services:
 - _APP_CONSOLE_WHITELIST_ROOT
 - _APP_CONSOLE_WHITELIST_EMAILS
 - _APP_CONSOLE_WHITELIST_IPS
+ - _APP_CONSOLE_ROOT_SESSION
 - _APP_SYSTEM_EMAIL_NAME
 - _APP_SYSTEM_EMAIL_ADDRESS
 - _APP_SYSTEM_SECURITY_EMAIL_ADDRESS
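Review bot: In the `cookieDomain` ternary of app/controllers/general.php, the new console branch builds `'.' . $selfDomain->getRegisterable()` without checking that the registerable part is non-empty, although the context line just above tests `$endDomain->getRegisterable() !== ''`, which suggests the method can return an empty string. In that case the cookie domain would become `.` and console logins would presumably fail, so the condition could read `$isConsoleProject && $isConsoleRootSession && $selfDomain->getRegisterable() !== ''` and otherwise fall back to the request hostname. `$selfDomain` is defined outside this hunk and the App::init() body starts and ends outside it, so how it is derived from the request should be confirmed. Since enabling the option sends the console session cookie to every host under the registerable domain, the `_APP_CONSOLE_ROOT_SESSION` description in app/config/variables.php should say so, and the option should stay off where sibling subdomains are not equally trusted.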