diff --git a/ssoauth/checks.py b/ssoauth/checks.py
index 6da861cc4a834220ffdb68c8318360f64aa01a76..abc8a1d05b193cff324384e34817731cca3f2ab6 100644
--- a/ssoauth/checks.py
+++ b/ssoauth/checks.py
@@ -140,6 +140,11 @@ def session_lifetime(app_configs, **kwargs):
             "Please reduce SESSION_COOKIE_AGE to at most {max_wanted} or set SESSION_EXPIRE_AT_BROWSER_CLOSE = True".format(**locals()),
             obj=conf.settings,
         ))
+    if conf.settings.SESSION_COOKIE_AGE > 60 * 60 * 24:  # >24h is too much even with SESSION_EXPIRE_AT_BROWSER_CLOSE
+        errors.append(Error(
+            "SESSION_COOKIE_AGE is too high. This means users can stay logged in longer than their accounts are active.",
+            obj=conf.settings,
+        ))
     return errors
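Review bot: The new error text on the added `errors.append(Error(...))` never states the limit or the configured value; the 24h threshold appears only in the code comment, so whoever hits this check has to read the source to learn what to set. I would name the limit and put it in the message, e.g. `max_age = 60 * 60 * 24` and `"SESSION_COOKIE_AGE is {0}s but must not exceed {1}s (24h), even with SESSION_EXPIRE_AT_BROWSER_CLOSE = True.".format(conf.settings.SESSION_COOKIE_AGE, max_age)`, keeping the existing rationale sentence after it. The condition of the preceding check is outside this hunk, but if it also fires for a large SESSION_COOKIE_AGE without SESSION_EXPIRE_AT_BROWSER_CLOSE, the same misconfiguration will now be reported twice with two different remedies, which an `elif` or a combined message would avoid. Separately, the cookie age is counted from the last session save, so with SESSION_SAVE_EVERY_REQUEST enabled this cap bounds idle time, not total login time. If the goal is that sessions never outlive the account, that setting may need its own check. The body of `session_lifetime` starts before this hunk.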