diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1ce351a..88d71bd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@
 ### Fixed
+- `CookiePlugin` allows main domain cookies to be sent/stored for subdomains
 - `DecoderPlugin` uses the right `FilteredStream` to handle `deflate` content encoding
 ## 1.4.1 - 2017-02-20
diff --git a/spec/Plugin/CookiePluginSpec.php b/spec/Plugin/CookiePluginSpec.php
index 1851876..675b8bc 100644
--- a/spec/Plugin/CookiePluginSpec.php
+++ b/spec/Plugin/CookiePluginSpec.php
@@ -82,6 +82,47 @@ function it_does_not_load_cookie_if_domain_does_not_match(RequestInterface $requ }, function () {}); } + function it_does_not_load_cookie_on_hackish_domains(RequestInterface $request, UriInterface $uri, Promise $promise) + { + $hackishDomains = [ + 'hacktest.com', + 'test.com.hacked.org', + ]; + $cookie = new Cookie('name', 'value', 86400, 'test.com'); + $this->cookieJar->addCookie($cookie); + + foreach ($hackishDomains as $domain) { + $request->getUri()->willReturn($uri); + $uri->getHost()->willReturn($domain); + + $request->withAddedHeader('Cookie', 'name=value')->shouldNotBeCalled(); + + $this->handleRequest($request, function (RequestInterface $requestReceived) use ($request, $promise) { + if (Argument::is($requestReceived)->scoreArgument($request->getWrappedObject())) { + return $promise->getWrappedObject(); + } + }, function () {}); + } + } + + function it_loads_cookie_on_subdomains(RequestInterface $request, UriInterface $uri, Promise $promise) + { + $cookie = new Cookie('name', 'value', 86400, 'test.com'); + $this->cookieJar->addCookie($cookie); + + $request->getUri()->willReturn($uri); + $uri->getHost()->willReturn('www.test.com'); + $uri->getPath()->willReturn('/'); + + $request->withAddedHeader('Cookie', 'name=value')->willReturn($request); + + $this->handleRequest($request, function (RequestInterface $requestReceived) use ($request, $promise) { + if (Argument::is($requestReceived)->scoreArgument($request->getWrappedObject())) { + return $promise->getWrappedObject(); + } + }, function () {}); + } + function it_does_not_load_cookie_if_path_does_not_match(RequestInterface $request, UriInterface $uri, Promise $promise) { $cookie = new Cookie('name', 'value', 86400, 'test.com', '/sub'); diff --git a/src/Plugin/CookiePlugin.php b/src/Plugin/CookiePlugin.php index af306e5..8519fce 100644 --- a/src/Plugin/CookiePlugin.php +++ b/src/Plugin/CookiePlugin.php 
@@ -69,7 +69,7 @@ public function handleRequest(RequestInterface $request, callable $next, callabl
 }
 // Restrict setting cookie from another domain
- if (false === strpos($cookie->getDomain(), $request->getUri()->getHost())) {
+ if (!preg_match("/\.{$cookie->getDomain()}$/", '.'.$request->getUri()->getHost())) {
 continue;
 }
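Review bot: The new `preg_match` condition interpolates `$cookie->getDomain()` into the pattern unescaped, so every `.` in the stored domain matches any character: a cookie scoped to `a.test.com` (constructed example) also passes the check for the host `axtest.com`, and a domain value containing `/` or other metacharacters alters or breaks the pattern. Quote the domain and anchor at the real end of the string, `if (!preg_match('/\.'.preg_quote($cookie->getDomain(), '/').'$/D', '.'.$request->getUri()->getHost())) {`. The comparison is also case-sensitive, so it presumably relies on both values already being lower-cased; add the `i` modifier if that is not guaranteed. In the spec, `it_does_not_load_cookie_on_hackish_domains` would pin this down if `$hackishDomains` also held a host that differs from the cookie domain only where the domain has a dot, such as `testxcom`. `handleRequest` starts and ends outside this hunk, and the changelog entry mentions stored cookies too, so any equivalent check on the response side (not visible here) needs the same quoting.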