diff --git a/services/web/app/coffee/infrastructure/Server.coffee b/services/web/app/coffee/infrastructure/Server.coffee
index 3e7a89a0d6..84d27e5b75 100644
--- a/services/web/app/coffee/infrastructure/Server.coffee
+++ b/services/web/app/coffee/infrastructure/Server.coffee
@@ -34,9 +34,6 @@ else
 
 app = express()
 
-cookieKey = Settings.cookieName
-cookieSessionLength = 5 * oneDayInMilliseconds
-
 csrf = express.csrf()
 ignoreCsrfRoutes = []
 app.ignoreCsrf = (method, route) ->
@@ -59,10 +56,10 @@ app.configure () ->
 		proxy: Settings.behindProxy
 		cookie:
 			domain: Settings.cookieDomain
-			maxAge: cookieSessionLength
+			maxAge: Settings.cookieSessionLength
 			secure: Settings.secureCookie
 		store: sessionStore
-		key: cookieKey
+		key: Settings.cookieName
 	
 	# Measure expiry from last request, not last login
 	app.use (req, res, next) ->
diff --git a/services/web/config/settings.defaults.coffee b/services/web/config/settings.defaults.coffee
index b3dc23f5a3..bbbec571e3 100644
--- a/services/web/config/settings.defaults.coffee
+++ b/services/web/config/settings.defaults.coffee
@@ -229,6 +229,9 @@ module.exports =
 	# then set this to true to allow it to correctly detect the forwarded IP
 	# address and http/https protocol information.
 	behindProxy: false
+	
+	# Cookie max age (in milliseconds). Set to false for a browser session.
+	cookieSessionLength: 5 * 24 * 60 * 60 * 1000 # 5 days
 
 	# Internal configs
 	# ----------------