diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index f02ff6de3..8f7289407 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,3 +1,10 @@
 # Be sure to restart your server when you modify this file.
-opts = Rails.env.production? ? { same_site: :lax, secure: true } : {}
+opts = {}
+
+if Rails.env.production?
+ opts = { same_site: :lax, secure: true }
+ expiry_time = TeSS::Config.login_expires_after
+ opts[:expire_after] = expiry_time unless expiry_time.blank?
+end
+
 Rails.application.config.session_store :cookie_store, **opts
diff --git a/config/tess.example.yml b/config/tess.example.yml
index 103916215..1722cfd5f 100644
--- a/config/tess.example.yml
+++ b/config/tess.example.yml
@@ -13,6 +13,7 @@ default: &default
 announcement_message:
 prevent_robot_indexing: false
 require_cookie_consent: true
+ login_expires_after: # in seconds, sets the login session duration, after this, users must login again, leave blank to disable.
 blocked_domains:
 - !ruby/regexp '/bad-domain\.example/'
 blocked_countries: # Block registration from the following ISO 3166-1 alpha-2 codes
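Review bot: The value read from `TeSS::Config.login_expires_after` is assigned to `opts[:expire_after]` with only a `blank?` check, so a quoted string, zero or a negative number in the YAML reaches the session middleware unchanged. Because this value bounds how long an authenticated session cookie stays valid, I would fail fast at boot, e.g. `opts[:expire_after] = Integer(expiry_time) unless expiry_time.blank?`, and raise on a non-positive result. The timeout is also set only inside the `if Rails.env.production?` branch, so it cannot be exercised in development or test; if that is intentional, a comment such as `# expiry is applied in production only` above the branch would make it explicit.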
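Review bot: The comment on `login_expires_after` does not mention that the setting is ignored unless `Rails.env.production?` is true, which is the only place the initializer in this commit applies it. It also leaves open whether the period is an absolute lifetime or an idle timeout; with the cookie store the expiry is presumably pushed forward each time the session cookie is rewritten, so this should be confirmed and stated. Suggested wording: `# Session lifetime in seconds (production only); users must log in again once it lapses. Leave blank for no fixed expiry.` The `default: &default` mapping this key belongs to starts and continues outside the hunk.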