diff --git a/cmd/root.go b/cmd/root.go
index 0908675..cb79162 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -140,6 +140,7 @@ func init() {
 	rootCmd.Flags().String("generic-user-url", "", "Generic OAuth user info URL.")
 	rootCmd.Flags().Bool("disable-continue", false, "Disable continue screen and redirect to app directly.")
 	rootCmd.Flags().String("whitelist", "", "Comma separated list of email addresses to whitelist (only for oauth).")
+	rootCmd.Flags().Int("cookie-expiry", 86400, "Cookie expiration time in seconds.")
 	viper.BindEnv("port", "PORT")
 	viper.BindEnv("address", "ADDRESS")
 	viper.BindEnv("secret", "SECRET")
@@ -159,5 +160,6 @@ func init() {
 	viper.BindEnv("generic-user-url", "GENERIC_USER_URL")
 	viper.BindEnv("disable-continue", "DISABLE_CONTINUE")
 	viper.BindEnv("whitelist", "WHITELIST")
+	viper.BindEnv("cookie-expiry", "COOKIE_EXPIRY")
 	viper.BindPFlags(rootCmd.Flags())
 }
diff --git a/internal/api/api.go b/internal/api/api.go
index a1ec111..af99499 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -77,6 +77,7 @@ func (api *API) Init() {
 		Path:     "/",
 		HttpOnly: true,
 		Secure:   isSecure,
+		MaxAge:   api.Config.CookieExpiry,
 	})
 
 	router.Use(sessions.Sessions("tinyauth", store))
diff --git a/internal/types/types.go b/internal/types/types.go
index 8dcc94b..df48064 100644
--- a/internal/types/types.go
+++ b/internal/types/types.go
@@ -38,6 +38,7 @@ type Config struct {
 	GenericUserURL      string `mapstructure:"generic-user-info-url"`
 	DisableContinue     bool   `mapstructure:"disable-continue"`
 	Whitelist           string `mapstructure:"whitelist"`
+	CookieExpiry        int    `mapstructure:"cookie-expiry"`
 }
 
 type UserContext struct {
@@ -53,6 +54,7 @@ type APIConfig struct {
 	Secret          string
 	AppURL          string
 	CookieSecure    bool
+	CookieExpiry    int
 	DisableContinue bool
 }