diff --git a/pkg/config/config.go b/pkg/config/config.go
index 5c83408..4ee5ca0 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -1,6 +1,8 @@
 package config
 import (
+	"time"
+
 	flag "github.com/spf13/pflag"
 	"github.com/nais/liberator/pkg/conftools"
@@ -29,6 +31,7 @@ type IDPorten struct {
 	SecurityLevel string `json:"security-level"`
 	PostLogoutRedirectURI string `json:"post-logout-redirect-uri"`
 	Scopes []string `json:"scopes"`
+	SessionMaxLifetime time.Duration `json:"session-max-lifetime"`
 }
 const (
@@ -46,6 +49,7 @@ const (
 	IDPortenSecurityLevel = "idporten.security-level"
 	IDPortenPostLogoutRedirectURI = "idporten.post-logout-redirect-uri"
 	IDPortenScopes = "idporten.scopes"
+	IDPortenSessionMaxLifetime = "idporten.session-max-lifetime"
 )
 func bindNAIS() {
@@ -69,6 +73,7 @@ func Initialize() *Config {
 	flag.String(IDPortenLocale, "nb", "Locale for OAuth2 consent screen.")
 	flag.String(IDPortenPostLogoutRedirectURI, "https://nav.no", "URI for redirecting the user after successful logout at IDPorten.")
 	flag.StringSlice(IDPortenScopes, []string{token.ScopeOpenID}, "List of scopes that should be used during the Auth Code flow.")
+	flag.Duration(IDPortenSessionMaxLifetime, time.Hour, "Max lifetime for user sessions.")
 	return &Config{}
 }
diff --git a/pkg/router/router.go b/pkg/router/router.go
index 4096f0a..33001c4 100644
--- a/pkg/router/router.go
+++ b/pkg/router/router.go
@@ -27,7 +27,6 @@ import (
 )
 const (
-	SessionMaxLifetime = time.Hour
 	LoginCookieLifetime = 10 * time.Minute
 	SessionCookieName = "io.nais.wonderwall.session"
 	StateCookieName = "io.nais.wonderwall.state"
@@ -218,7 +217,7 @@ func (h *Handler) Callback(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	err = h.setEncryptedCookie(w, SessionCookieName, idToken.SessionID, SessionMaxLifetime)
+	err = h.setEncryptedCookie(w, SessionCookieName, idToken.SessionID, h.Config.SessionMaxLifetime)
 	if err != nil {
 		log.Error(err)
 		w.WriteHeader(http.StatusInternalServerError)
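Review bot: The new `SessionMaxLifetime time.Duration `json:"session-max-lifetime"`` field in `IDPorten` depends on the config loader decoding a duration for it; `encoding/json` itself only accepts a `time.Duration` as an integer nanosecond count, so a file or environment value written as "1h" works only if the conftools decode path (not visible here) installs a string-to-duration hook. Worth pinning with a test that loads the value from a non-flag source rather than relying on the flag default. A doc comment on the field would also help the next reader, since the same value bounds both the cookie and the stored session in router.go: `// SessionMaxLifetime is how long a session cookie and its server-side session remain valid after login.`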
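Review bot: `flag.Duration(IDPortenSessionMaxLifetime, time.Hour, ...)` registers an operator-controlled session lifetime with no bounds check, and the router.go hunks at @@ -218 and @@ -228 hand `h.Config.SessionMaxLifetime` unchanged to `setEncryptedCookie` and as the TTL for `h.Sessions.Write`. A zero or negative value from a mistyped flag or environment variable would presumably yield a cookie with no usable expiry and, depending on how the session store treats a non-positive TTL, a server-side session that is never evicted — please confirm against `setEncryptedCookie` and the store implementation. Validate once after the flags are parsed, e.g. `if cfg.IDPorten.SessionMaxLifetime <= 0 { return fmt.Errorf("%s must be a positive duration", IDPortenSessionMaxLifetime) }`, and consider an upper bound aligned with the identity provider's own session policy. `Initialize` begins before this hunk, so the check may belong wherever the parsed config is actually materialised.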
@@ -228,7 +227,7 @@ func (h *Handler) Callback(w http.ResponseWriter, r *http.Request) {
 	err = h.Sessions.Write(r.Context(), idToken.SessionID, &session.Data{
 		ID: idToken.SessionID,
 		Token: tokens,
-	}, SessionMaxLifetime)
+	}, h.Config.SessionMaxLifetime)
 	if err != nil {
 		log.Error(err)
 		w.WriteHeader(http.StatusInternalServerError)
diff --git a/pkg/router/router_test.go b/pkg/router/router_test.go
index 57cc548..449925e 100644
--- a/pkg/router/router_test.go
+++ b/pkg/router/router_test.go
@@ -59,6 +59,7 @@ func defaultConfig() config.IDPorten {
 	Locale: "nb",
 	SecurityLevel: "Level4",
 	PostLogoutRedirectURI: "",
+	SessionMaxLifetime: time.Hour,
 	}
 }