diff --git a/ssoauth/checks.py b/ssoauth/checks.py
index 615b31a692ecb3b6635eeaebad9f74f9775e34b0..11798c37d4c1fc10697a52da3b4dcd47a553e9b2 100644
--- a/ssoauth/checks.py
+++ b/ssoauth/checks.py
@@ -78,3 +78,15 @@ def auth_urls_configured(app_configs, **kwargs):
             errors.append(Warning("{setting_name} is not found or invalid.".format(**locals()), obj=conf.settings,))
     return errors
 
+
+@register(Tags.security)
+def session_lifetime(app_configs, **kwargs):
+    errors = list()
+    max_wanted = 60 * 60  # seconds
+    if conf.settings.SESSION_COOKIE_AGE > max_wanted:
+        errors.append(Error(
+            "Please reduce SESSION_COOKIE_AGE to at most {max_wanted}".format(**locals()),
+            obj=conf.settings,
+        ))
+    return errors
+