diff --git a/modules/restserver/src/main/scala/docspell/restserver/auth/CookieData.scala b/modules/restserver/src/main/scala/docspell/restserver/auth/CookieData.scala
index aee5d998..4634a1e3 100644
--- a/modules/restserver/src/main/scala/docspell/restserver/auth/CookieData.scala
+++ b/modules/restserver/src/main/scala/docspell/restserver/auth/CookieData.scala
@@ -34,4 +34,16 @@ object CookieData {
 def fromHeader[F[_]](req: Request[F]): Either[String, String] = {
 req.headers.get(CaseInsensitiveString(headerName)).map(_.value).toRight("Couldn't find an authenticator")
 }
+
+ def deleteCookie(cfg: Config): ResponseCookie =
+ ResponseCookie(
+ cookieName,
+ "",
+ domain = cfg.baseUrl.host,
+ path = Some(cfg.baseUrl.path / "api" / "v1" / "sec").map(_.asString),
+ httpOnly = true,
+ secure = cfg.baseUrl.scheme.exists(_.endsWith("s")),
+ maxAge = Some(-1)
+ )
+
 }
diff --git a/modules/restserver/src/main/scala/docspell/restserver/routes/LoginRoutes.scala b/modules/restserver/src/main/scala/docspell/restserver/routes/LoginRoutes.scala
index 9773c865..23feb354 100644
--- a/modules/restserver/src/main/scala/docspell/restserver/routes/LoginRoutes.scala
+++ b/modules/restserver/src/main/scala/docspell/restserver/routes/LoginRoutes.scala
@@ -37,7 +37,7 @@ object LoginRoutes {
 flatMap(res => makeResponse(dsl, cfg, res, ""))
 case POST -> Root / "logout" =>
- Ok().map(_.addCookie(ResponseCookie(CookieData.cookieName, "", maxAge = Some(-1))))
+ Ok().map(_.addCookie(CookieData.deleteCookie(cfg)))
 }
 }
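Review bot: In the CookieData.scala hunk, `deleteCookie` spells out its own domain, path and Secure derivation, yet a browser only drops a cookie when the name, domain and path equal those it was stored with. The code that sets the cookie is outside this hunk, so if it builds these values separately the two can drift, and logout would then silently leave the auth cookie in place. I would build both cookies from one shared private helper and document the requirement on the method, e.g. `/** Expired cookie that clears the auth cookie; domain and path must equal those used when it was set. */`. The `secure` test `_.endsWith("s")` accepts any scheme ending in "s"; `scheme.exists(_.equalsIgnoreCase("https"))` states the intent exactly, provided the setter is changed the same way.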
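Review bot: In the LoginRoutes.scala hunk, the logout case only tells the browser to discard the cookie; nothing in the visible lines revokes the token on the server, so a token copied before logout would presumably stay usable until it expires on its own. If that is the intended design it deserves a comment above the case, e.g. `// Clears the cookie client-side only; the token stays valid until its own expiry.`, together with a short token lifetime. The enclosing route definition starts outside this hunk, so any revocation done elsewhere is not visible here.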