diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 984739e..ae0378e 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -500,7 +500,7 @@ function drupal_settings_initialize() {
 
   if ($cookie_domain) {
     // If the user specifies the cookie domain, also use it for session name.
-    $session_name = $cookie_domain;
+    $session_name = ltrim($cookie_domain, '.');
   }
   else {
     // Otherwise use $base_url as session name, without the protocol
@@ -510,18 +510,22 @@ function drupal_settings_initialize() {
     // in drupal_settings_initialize().
     if (!empty($_SERVER['HTTP_HOST'])) {
       $cookie_domain = $_SERVER['HTTP_HOST'];
-      // Strip leading periods, www., and port numbers from cookie domain.
-      $cookie_domain = ltrim($cookie_domain, '.');
+      // Strip www. and port numbers from cookie domain.
       if (strpos($cookie_domain, 'www.') === 0) {
         $cookie_domain = substr($cookie_domain, 4);
       }
       $cookie_domain = explode(':', $cookie_domain);
-      $cookie_domain = '.' . $cookie_domain[0];
+      $cookie_domain = $cookie_domain[0];
     }
   }
-  // Per RFC 2109, cookie domains must contain at least one dot other than the
-  // first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain.
-  if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) {
+  // Check if the cookie domain starts with a period and add it if it doesn't.
+  if (substr($cookie_domain, 0, 1) !== '.') {
+    $cookie_domain = '.' . $cookie_domain;
+  }
+  // Per RFC 2109, cookie domains must contain at least one period other than
+  // the first. For hosts such as 'localhost' or IP Addresses we don't set a
+  // cookie domain.
+  if (substr_count($cookie_domain, '.') > 1 && !is_numeric(str_replace('.', '', $cookie_domain))) {
     ini_set('session.cookie_domain', $cookie_domain);
   }
   // To prevent session cookies from being hijacked, a user can configure the
diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php
index 0472f02..fbf255b 100644
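Review bot: The new leading-period normalisation, `if (substr($cookie_domain, 0, 1) !== '.')`, sits after the if/else and therefore also rewrites an explicitly configured `$cookie_domain` such as `'example.com'` into `'.example.com'`, so a host-only cookie domain can no longer be configured and the session cookie is always sent to every subdomain of the configured value. Under the removed code a configured `'example.com'` never reached `ini_set` at all (the explode count was 2, not > 2), so this is a silent behaviour change for existing sites, not just a normalisation. If the widening is intended, the comment should say so, e.g. `// A leading period scopes the session cookie to all subdomains; host-only cookie domains are not supported.`; if it is not, the period should be prepended only in the HTTP_HOST branch as before. drupal_settings_initialize() starts and ends outside this hunk.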
--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
@@ -285,9 +285,10 @@ ini_set('session.cookie_lifetime', 2000000);
  * same Drupal site, you can either redirect them all to a single domain (see
  * comment in .htaccess), or uncomment the line below and specify their shared
  * base domain. Doing so assures that users remain logged in as they cross
- * between your various domains.
+ * between your various domains. Make sure to always start $cookie_domain with
+ * a leading dot.
  */
-# $cookie_domain = 'example.com';
+# $cookie_domain = '.example.com';
 
 /**
  * Variable overrides:
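Review bot: The added sentence `Make sure to always start $cookie_domain with a leading dot.` tells administrators what to type but not what it means: a leading period scopes the session cookie to every subdomain of that domain, which is exactly the setting an administrator needs to weigh when not all subdomains are under the same control. Suggest extending it to `... with a leading dot; the session cookie is then sent to all subdomains of that domain.` Since the bootstrap change in this same commit prepends the dot when it is missing, the instruction is a convention rather than a hard requirement, and saying so here avoids confusion about whether a host-only value is possible.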