diff --git a/lib/sso.js b/lib/sso.js
index 43ad5df..0af88bd 100644
--- a/lib/sso.js
+++ b/lib/sso.js
@@ -141,6 +141,10 @@ async function setSessionCookie(req, res) {
 req.session.loggedin = true
 req.session.userId = decoded.userId;
+
+ // This sets the cookie for the accessed domain to expire at the same time as the "main" veriflow cookie, to
+ // prevent a user from being deauthenticated from Veriflow, but still authenticated on the subdomains.
+ req.session.cookie.expires = decoded.cookieExpires
 var redirectProtocol = decoded.protocol
 var redirectHost = decoded.host
@@ -198,7 +202,8 @@ async function redirectToSsoProvider(req, res) {
 host: redirectToken.host,
 path: redirectToken.path,
 query: redirectToken.query,
- userId: req.session.userId
+ userId: req.session.userId,
+ cookieExpires: req.session.cookie.expires
 }
 var signedJwt = await createJWT(jwtPayload)
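Review bot: `req.session.cookie.expires = decoded.cookieExpires` in setSessionCookie takes the claim as-is, with no type or presence check. The value is written into the JWT payload in redirectToSsoProvider (second hunk) directly from `req.session.cookie.expires`, so after the JSON round trip it arrives as a string rather than a Date, and it is null or missing when the main session has no fixed expiry or the token predates this change. If the session middleware expects a Date here (express-session appears to), guard and convert it, for example `if (decoded.cookieExpires) { const exp = new Date(decoded.cookieExpires); if (!Number.isNaN(exp.getTime())) req.session.cookie.expires = exp; }`, so that a bad or absent claim leaves the configured default in place instead of producing an invalid or already-expired cookie. Both function bodies continue outside the hunks, so it is worth confirming there that `decoded` is only read after the JWT signature has been verified, since this claim now controls session lifetime on the accessed domain.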