diff --git a/ssoauth/checks.py b/ssoauth/checks.py
index abc8a1d05b193cff324384e34817731cca3f2ab6..d68d8009770e7ae20baf482e5e522cea8b0c816b 100644
--- a/ssoauth/checks.py
+++ b/ssoauth/checks.py
@@ -134,15 +134,15 @@ def auth_urls_configured(app_configs, **kwargs):
 @register(Tags.security)
 def session_lifetime(app_configs, **kwargs):
     errors = list()
-    max_wanted = 60 * 60  # seconds
-    if conf.settings.SESSION_COOKIE_AGE > max_wanted and not conf.settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
+    max_wanted = 10 * 60 * 60  # in seconds
+    if conf.settings.SESSION_COOKIE_AGE > max_wanted or conf.settings.SESSION_COOKIE_AGE is 0:
         errors.append(Error(
-            "Please reduce SESSION_COOKIE_AGE to at most {max_wanted} or set SESSION_EXPIRE_AT_BROWSER_CLOSE = True".format(**locals()),
+            "Please reduce SESSION_COOKIE_AGE to at most {max_wanted}".format(**locals()),
             obj=conf.settings,
         ))
-    if conf.settings.SESSION_COOKIE_AGE > 60 * 60 * 24:  # >24h is too much even with SESSION_EXPIRE_AT_BROWSER_CLOSE
-        errors.append(Error(
-            "SESSION_COOKIE_AGE is too high. This means users can stay logged in longer than their accounts are active.",
+    if not conf.settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
+        errors.append(Warning(
+            "Recommended value for SESSION_EXPIRE_AT_BROWSER_CLOSE = True",
             obj=conf.settings,
         ))
     return errors
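Review bot: The new condition in `session_lifetime` tests `conf.settings.SESSION_COOKIE_AGE is 0`, an identity comparison against an int literal that only works because CPython caches small integers, and Python 3.8 and later emit a SyntaxWarning for it. A value comparison is the safe form, and `if not 0 < conf.settings.SESSION_COOKIE_AGE <= max_wanted:` would also reject negative ages, which are presumably just as unwanted. The text "Please reduce SESSION_COOKIE_AGE to at most {max_wanted}" misleads when the setting is 0, so the message should name the accepted range, for example `"SESSION_COOKIE_AGE must be between 1 and {max_wanted} seconds"`. Separately, the imports are outside this hunk, so confirm that `Warning` comes from `django.core.checks`; if it resolves to the builtin `Warning`, the `obj=` keyword raises a TypeError when the check runs.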