diff --git a/pkg/config/config.go b/pkg/config/config.go
index ae0a10c..bfe8b8c 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -40,9 +40,8 @@ type Loginstatus struct {
 }
 type Session struct {
- MaxLifetime time.Duration `json:"max-lifetime"`
- Refresh bool `json:"refresh"`
- MetadataRollout bool `json:"metadata-rollout"`
+ MaxLifetime time.Duration `json:"max-lifetime"`
+ Refresh bool `json:"refresh"`
 }
 const (
@@ -58,9 +57,8 @@ const (
 Ingress = "ingress"
 UpstreamHost = "upstream-host"
- SessionMaxLifetime = "session.max-lifetime"
- SessionRefresh = "session.refresh"
- SessionMetadataRollout = "session.metadata-rollout"
+ SessionMaxLifetime = "session.max-lifetime"
+ SessionRefresh = "session.refresh"
 LoginstatusEnabled = "loginstatus.enabled"
 LoginstatusCookieDomain = "loginstatus.cookie-domain"
@@ -86,7 +84,6 @@ func Initialize() (*Config, error) {
 flag.Duration(SessionMaxLifetime, time.Hour, "Max lifetime for user sessions.")
 flag.Bool(SessionRefresh, false, "Automatically refresh the tokens for user sessions if they are expired, as long as the session exists (indicated by the session max lifetime).")
- flag.Bool(SessionMetadataRollout, false, "Feature toggle for metadata rollout.")
 flag.Bool(LoginstatusEnabled, false, "Feature toggle for Loginstatus, a separate service that should provide an opaque token to indicate that a user has been authenticated previously, e.g. by another application in another subdomain.")
 flag.String(LoginstatusCookieDomain, "", "The domain that the cookie should be set for.")
diff --git a/pkg/session/handler.go b/pkg/session/handler.go
index 0eb073b..3f55204 100644
--- a/pkg/session/handler.go
+++ b/pkg/session/handler.go
@@ -36,12 +36,11 @@ const (
 )
 type Handler struct {
- client *openidclient.Client
- crypter crypto.Crypter
- openidCfg openidconfig.Config
- refreshEnabled bool
- metadataRolloutEnabled bool
- store Store
+ client *openidclient.Client
+ crypter crypto.Crypter
+ openidCfg openidconfig.Config
+ refreshEnabled bool
+ store Store
 }
 func NewHandler(cfg *config.Config, openidCfg openidconfig.Config, crypter crypto.Crypter, openidClient *openidclient.Client) (*Handler, error) {
@@ -51,12 +50,11 @@ func NewHandler(cfg *config.Config, openidCfg openidconfig.Config, crypter crypt
 }
 return &Handler{
- crypter: crypter,
- client: openidClient,
- openidCfg: openidCfg,
- store: store,
- refreshEnabled: cfg.Session.Refresh,
- metadataRolloutEnabled: cfg.Session.MetadataRollout,
+ crypter: crypter,
+ client: openidClient,
+ openidCfg: openidCfg,
+ store: store,
+ refreshEnabled: cfg.Session.Refresh,
 }, nil
 }
@@ -139,7 +137,7 @@ func (h *Handler) GetAccessToken(r *http.Request) (string, error) {
 return "", ErrNoAccessToken
 }
- if h.metadataRolloutEnabled && sessionData.Metadata.IsExpired() {
+ if sessionData.Metadata.IsExpired() {
 return "", ErrExpiredAccessToken
 }
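Review bot: The now-unconditional `sessionData.Metadata.IsExpired()` check in GetAccessToken assumes every stored session carries populated metadata, and nothing in this hunk shows that. A session written while the toggle was off would presumably either be rejected with ErrExpiredAccessToken on every request or, if Metadata is a pointer, hit a nil dereference; which applies depends on the Metadata type, which is defined outside this diff. Rejecting is the safe direction for an expiry check, but it should be a stated decision: once confirmed, add a comment above the check such as `// Sessions without metadata are treated as expired; the token is never returned past its expiry.` and a test for a session with empty metadata. GetAccessToken starts and ends outside the hunk.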