diff --git a/backend/tests/test_routers/test_auth.py b/backend/tests/test_routers/test_auth.py
index 1c0d583..98214bb 100644
--- a/backend/tests/test_routers/test_auth.py
+++ b/backend/tests/test_routers/test_auth.py
@@ -8,6 +8,8 @@ from unittest.mock import patch
 import pytest
 from httpx import AsyncClient
 
+from app.utils.constants import SESSION_COOKIE_NAME
+
 # ---------------------------------------------------------------------------
 # Helpers
 # ---------------------------------------------------------------------------
@@ -64,8 +66,8 @@ class TestLogin:
             "/api/auth/login", json={"password": "mysecretpass1"}
         )
         assert response.status_code == 200
-        assert "bangui_session" in response.cookies
-        assert "." in response.cookies["bangui_session"]
+        assert SESSION_COOKIE_NAME in response.cookies
+        assert "." in response.cookies[SESSION_COOKIE_NAME]
         set_cookie = response.headers.get("set-cookie", "")
         assert "HttpOnly" in set_cookie
         assert "SameSite=lax" in set_cookie
@@ -124,7 +126,7 @@ class TestLogout:
         assert response.status_code == 200
         # Cookie should be set to empty / deleted in the Set-Cookie header.
         set_cookie = response.headers.get("set-cookie", "")
-        assert "bangui_session" in set_cookie
+        assert SESSION_COOKIE_NAME in set_cookie
 
     async def test_logout_is_idempotent(self, client: AsyncClient) -> None:
         """Logout succeeds even when called without a session token."""
diff --git a/backend/tests/test_routers/test_dependency_injection.py b/backend/tests/test_routers/test_dependency_injection.py
index 57e1405..ba08c9d 100644
--- a/backend/tests/test_routers/test_dependency_injection.py
+++ b/backend/tests/test_routers/test_dependency_injection.py
@@ -18,6 +18,7 @@ from app.dependencies import get_auth_service, get_jail_service
 from app.main import create_app
 from app.models.auth import Session
 from app.models.jail import JailListResponse
+from app.utils.constants import SESSION_COOKIE_NAME
 from app.utils.setup_state import set_setup_complete_cache
 
 
@@ -149,7 +150,7 @@ async def test_auth_login_uses_injected_auth_service(tmp_path: Path) -> None:
 
     assert response.status_code == 200
     assert response.json()["token"].startswith("fake-token")
-    assert response.cookies.get("bangui_session") is not None
+    assert response.cookies.get(SESSION_COOKIE_NAME) is not None
 
 
 async def test_jail_list_uses_injected_jail_service_and_auth(tmp_path: Path) -> None:
@@ -180,7 +181,7 @@ async def test_jail_list_uses_injected_jail_service_and_auth(tmp_path: Path) ->
     ) as client:
         response = await client.get(
             "/api/jails",
-            headers={"Cookie": "bangui_session=fake-token"},
+            headers={"Cookie": f"{SESSION_COOKIE_NAME}=fake-token"},
         )
 
     await db.close()