diff --git a/drupalauth4ssp.module b/drupalauth4ssp.module
index 9ae0f05..f26de39 100755
--- a/drupalauth4ssp.module
+++ b/drupalauth4ssp.module
@@ -66,7 +66,7 @@ function drupalauth4ssp_user_logout($account) {
 }
 // Delete the cookie.
- setcookie($ssp_config['cookie_name'], sha1($ssp_config['secretsalt'] . $account->uid) . ':' . $account->uid, time() - 3600, $ssp_config['baseurlpath']);
+ setcookie($ssp_config['cookie_name'], '', 0, $ssp_config['baseurlpath'], $ssp_config['session.cookie.domain'], $ssp_config['session.cookie.secure'], $ssp_config['session.phpsession.httponly']);
 // Invalidate SimpleSAML session by expiring it.
 $session = SimpleSAML_Session::getSessionFromRequest();
@@ -137,6 +137,15 @@ function _drupalauth4ssp_get_simplesamlphp_config() {
 // Get the baseurlpath.
 $config['baseurlpath'] = '/' . $ssp_config->getBaseURL();
+ // Get the cookie domain.
+ $config['session.cookie.domain'] = $ssp_config->getString('session.cookie.domain', NULL);
+
+ // Get the cookie secure flag.
+ $config['session.cookie.secure'] = $ssp_config->getBoolean('session.cookie.secure', FALSE);
+
+ // Get the session cookie httponly flag.
+ $config['session.phpsession.httponly'] = $ssp_config->getBoolean('session.phpsession.httponly', FALSE);
+
 unset($ssp_config);
 $ssp_authsources = SimpleSAML_Configuration::getConfig('authsources.php');
@@ -147,10 +156,11 @@ function _drupalauth4ssp_get_simplesamlphp_config() {
 unset($ssp_authsources);
- // Make sure every configuration setting is present.
- foreach ($config as $val) {
+ // Make sure every configuration setting (except session.cookie.domain, which
+ // can be NULL) is present.
+ foreach ($config as $name => $val) {
- if (!strlen($val)) {
+ if ($name != 'session.cookie.domain' && !strlen($val)) {
 return;
 }
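Review bot: The new `setcookie($ssp_config['cookie_name'], '', 0, ...)` on the `+` line only clears the cookie because PHP special-cases an empty value (it emits `deleted` with a 1970 expiry); that is documented but easy to lose in a later edit, so an explicit past expiry keeps the intent visible: `setcookie($ssp_config['cookie_name'], '', time() - 3600, $ssp_config['baseurlpath'], $ssp_config['session.cookie.domain'], $ssp_config['session.cookie.secure'], $ssp_config['session.phpsession.httponly']);`. Carrying the same path/domain/secure/httponly attributes as the cookie set in `_drupalauth4ssp_exec()` is what actually makes the deletion match, and the new line does that correctly. Note that `session.cookie.domain` arrives here as NULL when the config key is absent (its default in `_drupalauth4ssp_get_simplesamlphp_config()`); PHP treats that as no domain, but from 8.1 onward passing NULL to an internal string parameter raises a deprecation, so a `(string)` cast at the lookup site is worth adding if this code is expected to run on newer PHP. The enclosing `drupalauth4ssp_user_logout()` continues past the hunk.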
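Review bot: The two `getBoolean()` `+` lines default both cookie flags to FALSE, so a SimpleSAMLphp config that omits `session.phpsession.httponly` leaves the uid/hash cookie readable from JavaScript; nothing in this module needs script access to it, so the safer default is to fail closed: `$config['session.phpsession.httponly'] = $ssp_config->getBoolean('session.phpsession.httponly', TRUE);`. `session.cookie.secure` cannot be forced on without breaking plain-HTTP deployments, but its line should say what the FALSE default means, e.g. `// FALSE unless configured: on HTTPS deployments set session.cookie.secure or the uid cookie is sent over plaintext.`. The NULL default on the `session.cookie.domain` line is passed straight to `setcookie()` by both callers; `(string) $ssp_config->getString('session.cookie.domain', NULL)` keeps the "no domain" behaviour while avoiding PHP 8.1's null-to-string deprecation, and the by-name exception in the later validation loop is still required since `''` has zero length.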
@@ -176,7 +186,7 @@ function _drupalauth4ssp_exec($account) {
 }
 // Store the authenticated user's uid in the cookie (create a validation hash to ensure nobody tampers with the uid).
- setcookie($ssp_config['cookie_name'], sha1($ssp_config['secretsalt'] . $account->uid) . ':' . $account->uid, 0, $ssp_config['baseurlpath']);
+ setcookie($ssp_config['cookie_name'], sha1($ssp_config['secretsalt'] . $account->uid) . ':' . $account->uid, 0, $ssp_config['baseurlpath'], $ssp_config['session.cookie.domain'], $ssp_config['session.cookie.secure'], $ssp_config['session.phpsession.httponly']);
 // If the ReturnTo URL is present, send the user to the URL.
 if (isset($_GET['ReturnTo']) && $_GET['ReturnTo']) {
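Review bot: The extended `setcookie()` call on the `+` line still sets no SameSite attribute, and the seven-argument form cannot express one; if the target PHP is 7.3 or newer the options-array form can, e.g. `setcookie($ssp_config['cookie_name'], $value, ['expires' => 0, 'path' => $ssp_config['baseurlpath'], 'domain' => $ssp_config['session.cookie.domain'], 'secure' => $ssp_config['session.cookie.secure'], 'httponly' => $ssp_config['session.phpsession.httponly'], 'samesite' => 'Lax']);` where `$value` is the existing hash-and-uid string. `Lax` covers arrivals via redirect binding but would drop the cookie on a cross-site POST binding, so the value has to match the bindings this deployment accepts. Separately, the cookie's integrity tag is a bare `sha1(secretsalt . uid)` rather than an HMAC (`hash_hmac('sha256', $account->uid, $ssp_config['secretsalt'])` is the standard construction), but the code that recomputes and compares it is not in this hunk and would have to change in lockstep, so that is a follow-up rather than part of this commit. `_drupalauth4ssp_exec()` continues past the hunk, including the ReturnTo redirect whose condition is the last context line.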