diff --git a/atst/app.py b/atst/app.py
index 4b7a0806..c86ab9bf 100644
--- a/atst/app.py
+++ b/atst/app.py
@@ -48,7 +48,7 @@ def make_app(config):
     app.register_blueprint(bp)
     app.register_blueprint(workspace_routes)
     app.register_blueprint(requests_bp)
-    if ENV != "production":
+    if ENV != "prod":
         app.register_blueprint(dev_routes)
 
     apply_authentication(app)
diff --git a/config/base.ini b/config/base.ini
index f256fa3a..749b9b2b 100644
--- a/config/base.ini
+++ b/config/base.ini
@@ -1,23 +1,23 @@
 [default]
-PORT=8000
-ENVIRONMENT = dev
-DEBUG = true
-COOKIE_SECRET = some-secret-please-replace
-SECRET = change_me_into_something_secret
-SECRET_KEY = change_me_into_something_secret
 CAC_URL = http://localhost:8000/login-redirect
+CA_CHAIN = ssl/server-certs/ca-chain.pem
+COOKIE_SECRET = some-secret-please-replace
+CRL_DIRECTORY = crl
+DEBUG = true
+ENVIRONMENT = dev
+PERMANENT_SESSION_LIFETIME = 600
 PE_NUMBER_CSV_URL = http://c95e1ebb198426ee57b8-174bb05a294821bedbf46b6384fe9b1f.r31.cf5.rackcdn.com/penumbers.csv
-REDIS_URI = redis://localhost:6379
 PGAPPNAME = atst
+PGDATABASE = atat
 PGHOST = localhost
+PGPASSWORD = postgres
 PGPORT = 5432
 PGUSER = postgres
-PGPASSWORD = postgres
-PGDATABASE = atat
-SESSION_TYPE = redis
+PORT=8000
+REDIS_URI = redis://localhost:6379
+SECRET = change_me_into_something_secret
+SECRET_KEY = change_me_into_something_secret
 SESSION_COOKIE_NAME=atat
+SESSION_TYPE = redis
 SESSION_USE_SIGNER = True
-PERMANENT_SESSION_LIFETIME = 600
-CRL_DIRECTORY = crl
-CA_CHAIN = ssl/server-certs/ca-chain.pem
 WTF_CSRF_ENABLED = true
diff --git a/config/prod.ini b/config/prod.ini
index fbaaa394..bbbf8f8b 100644
--- a/config/prod.ini
+++ b/config/prod.ini
@@ -1,2 +1,3 @@
 [default]
 SESSION_COOKIE_SECURE=True
+SESSION_COOKIE_DOMAIN=atat.codes
diff --git a/script/sync-crls b/script/sync-crls
index 93ec6772..3c02ac93 100755
--- a/script/sync-crls
+++ b/script/sync-crls
@@ -10,7 +10,7 @@ mkdir -p crl
 rsync -rq crl-tmp/. crl/.
 rm -rf crl-tmp
 
-if [[ $FLASK_ENV != "production" ]]; then
+if [[ $FLASK_ENV != "prod" ]]; then
   # place our test CRL there
   cp ssl/client-certs/client-ca.der.crl crl/
 fi
diff --git a/script/sync-dod-certs b/script/sync-dod-certs
index 043629c1..9d7263d8 100755
--- a/script/sync-dod-certs
+++ b/script/sync-dod-certs
@@ -9,7 +9,7 @@ echo "Resetting CA bundle..."
 rm ssl/server-certs/ca-chain.pem &> /dev/null || true
 touch $CA_CHAIN
 
-if [[ $FLASK_ENV != "production" ]]; then
+if [[ $FLASK_ENV != "prod" ]]; then
   # only for testing and development
   echo "Copy in testing client CA..."
   cat ssl/client-certs/client-ca.crt >> $CA_CHAIN