diff --git a/src/clj/auto_ap/handler.clj b/src/clj/auto_ap/handler.clj
index 68824bd9..fee27168 100644
--- a/src/clj/auto_ap/handler.clj
+++ b/src/clj/auto_ap/handler.clj
@@ -28,7 +28,9 @@
    [ring.middleware.session :refer [wrap-session]]
    [ring.middleware.session.cookie :refer [cookie-store]]
    [ring.util.response :as response]
-   [unilog.context :as lc]))
+   [unilog.context :as lc]
+   [clj-time.coerce :as coerce]
+   [clj-time.core :as time]))
 
 (when (:aws-access-key-id env)
   (defcredential (:aws-access-key-id env) (:aws-secret-access-key env) (:aws-region env)))
@@ -139,6 +141,22 @@
                           :exception e)
               (throw e))))))))
 
+(defn wrap-idle-session-timeout
+  [handler ]
+  (fn [request]
+    (let [session  (:session request {})
+          end-time (coerce/to-date-time (::idle-timeout session))]
+      (if (and end-time (time/before? end-time (time/now)))
+        {:session nil
+         :status  302
+         :headers {"Location" "/login"}}
+        (when-let [response (handler request)]
+          (let [session (:session response session)]
+            (if (nil? session)
+              response
+              (let [end-time (time/plus (time/now) (time/days 2))]
+                (assoc response :session (assoc session ::idle-timeout (coerce/to-date end-time)))))))))))
+
 #_{:clj-kondo/ignore [:clojure-lsp/unused-public-var]}
 (def app
   (->  route-handler
@@ -149,6 +167,7 @@
                             (session-backend {:authfn (fn [auth]
                                                         (dissoc auth :exp))}))
 
+       (wrap-idle-session-timeout)
        (wrap-session {:store (cookie-store
                                {:key
                                 (byte-array