diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
index 60652d4c..dfce58c1 100644
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -62,6 +62,16 @@ module SessionsHelper
   # Retrieves the current user.
   def current_user
     @current_user ||= User.where(id: session[:user_id]).includes(:roles).first
+
+    if Rails.configuration.loadbalanced_configuration
+      if @current_user && !@current_user.has_role?(:super_admin) &&
+          @current_user.provider != @user_domain
+        @current_user = nil
+        session.clear
+      end
+    end
+
+    @current_user
   end
   def generate_checksum(user_domain, redirect_url, secret)
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index f8324089..b6ffc76d 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -2,4 +2,9 @@
 # Be sure to restart your server when you modify this file.
-Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session'
+if Rails.configuration.loadbalanced_configuration
+  Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session',
+    domain: ENV['GREENLIGHT_PARENT_DOMAIN'] || 'blindside-dev.com'
+else
+  Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session'
+end
diff --git a/spec/controllers/admins_controller_spec.rb b/spec/controllers/admins_controller_spec.rb
index e114743b..d9cc5b43 100644
--- a/spec/controllers/admins_controller_spec.rb
+++ b/spec/controllers/admins_controller_spec.rb
@@ -20,6 +20,8 @@ require "rails_helper"
 describe AdminsController, type: :controller do
   before do
+    allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
+    controller.instance_variable_set(:@user_domain, "provider1")
     @user = create(:user, provider: "provider1")
     @admin = create(:user, provider: "provider1")
     @admin.add_role :admin
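Review bot: The nested `if Rails.configuration.loadbalanced_configuration` / `if @current_user && …` in current_user expresses one tenant check as two guards; flattening it into a single predicate makes the condition that logs a user out easier to audit. When `@user_domain` is nil — the helper is reached before `set_user_domain` has run, or from a context where that before_action does not apply — `@current_user.provider != @user_domain` holds for every non-super-admin, so the session is cleared and the caller just sees nil; that is fail-closed, which is the right default for a cross-tenant check, but it deserves a comment because nothing here signals why the user vanished. `session.clear` also drops everything else in the session for the rest of this request (a flash set earlier, for instance), which looks intended but is worth stating. The remainder of SessionsHelper is outside the hunk.
```ruby
  def current_user
    @current_user ||= User.where(id: session[:user_id]).includes(:roles).first

    # Load-balanced deployments share one session cookie across tenant hosts
    # (see config/initializers/session_store.rb), so a session minted for a
    # different provider must not be honoured here. A nil @user_domain fails
    # closed: every non-super-admin is logged out for this request.
    if Rails.configuration.loadbalanced_configuration && @current_user &&
       !@current_user.has_role?(:super_admin) && @current_user.provider != @user_domain
      @current_user = nil
      session.clear
    end

    @current_user
  end
```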
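Review bot: The fallback `|| 'blindside-dev.com'` on the new `domain:` option bakes a vendor-specific hostname into the initializer: when `GREENLIGHT_PARENT_DOMAIN` is unset in a load-balanced deployment served from any other domain, the browser will not store a cookie scoped to a domain the host does not belong to and every login silently fails, while on a host that does match it widens the session cookie to a domain the operator never chose. Failing fast is safer here: `domain: ENV.fetch('GREENLIGHT_PARENT_DOMAIN')` raises a clear KeyError at boot when the variable is missing, which is the right outcome for a setting that decides where the session cookie is sent. A one-line comment that scoping the cookie to the parent domain is exactly what makes the provider check in SessionsHelper#current_user necessary would keep the two pieces of code in step. Whether `secure`/`same_site` are configured elsewhere for this store is not visible in the hunk.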
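Review bot: The pair `allow_any_instance_of(ApplicationController).to receive(:set_user_domain)…` plus `controller.instance_variable_set(:@user_domain, …)` added to this `before` block is repeated verbatim in the themes_controller_spec hunk and three times in the users_controller_spec hunks; stubbing the before_action and then poking the ivar by hand is two statements for one intent and drifts easily — in the themes spec the stub returns "provider1" while the ivar is set to the Faker-generated `provider1`. A small spec-support helper that wraps both statements, called as `stub_user_domain("provider1")`, would keep the five call sites consistent and document that the stub exists only to keep the real domain lookup from overwriting the ivar. Whether `set_user_domain`'s return value is ever read is not visible here; if it only assigns `@user_domain`, the `and_return` is inert and can be dropped.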
@@ -144,7 +146,7 @@ describe AdminsController, type: :controller do
       email = Faker::Internet.email
       post :invite, params: { invite_user: { email: email } }
-      invite = Invitation.find_by(email: email, provider: "greenlight")
+      invite = Invitation.find_by(email: email, provider: "provider1")
       expect(invite.present?).to eq(true)
       expect(flash[:success]).to be_present
diff --git a/spec/controllers/themes_controller_spec.rb b/spec/controllers/themes_controller_spec.rb
index 99ae3db6..d25556c3 100644
--- a/spec/controllers/themes_controller_spec.rb
+++ b/spec/controllers/themes_controller_spec.rb
@@ -42,9 +42,13 @@ describe ThemesController, type: :controller do
   it "returns the correct color based on provider" do
     allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
     allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
+    allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
     color1 = Faker::Color.hex_color
     provider1 = Faker::Company.name
+
+    controller.instance_variable_set(:@user_domain, provider1)
+
     Setting.create(provider: provider1).features.create(name: "Primary Color", value: color1, enabled: true)
     user1 = create(:user, provider: provider1)
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 23d40e8d..4bcbdfb7 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -87,6 +87,8 @@ describe UsersController, type: :controller do
   it "allows admins to edit other users" do
     allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
     allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
+    allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
+    controller.instance_variable_set(:@user_domain, "provider1")
     user = create(:user, provider: "provider1")
     user.add_role :admin
@@ -339,6 +341,8 @@ describe UsersController, type: :controller do
     allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
     allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
     allow_any_instance_of(Room).to receive(:delete_all_recordings).and_return('')
+    allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
+    controller.instance_variable_set(:@user_domain, "provider1")
     user = create(:user, provider: "provider1")
     admin = create(:user, provider: "provider1")
@@ -354,6 +358,8 @@ describe UsersController, type: :controller do
   it "doesn't allow admins of other providers to delete users" do
     allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
     allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
+    allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider2")
+    controller.instance_variable_set(:@user_domain, "provider2")
     user = create(:user, provider: "provider1")
     admin = create(:user, provider: "provider2")