diff --git a/app/its_dangerous_session.py b/app/its_dangerous_session.py
index 25f7aef20..e16cecc55 100644
--- a/app/its_dangerous_session.py
+++ b/app/its_dangerous_session.py
@@ -46,7 +46,7 @@ class ItsdangerousSessionInterface(SessionInterface):
                                        domain=domain)
             return
         session.permanent = True
-        expires = datetime.utcnow() + timedelta(app.config.get('PERMANENT_SESSION_LIFETIME'))
+        expires = datetime.utcnow() + timedelta(seconds=app.config.get('PERMANENT_SESSION_LIFETIME'))
         val = self.get_serializer(app).dumps(dict(session))
         response.set_cookie(app.session_cookie_name, val,
                             expires=expires, httponly=True,
diff --git a/config.py b/config.py
index bc1ae87db..39158a245 100644
--- a/config.py
+++ b/config.py
@@ -23,6 +23,7 @@ class Config(object):
     SESSION_COOKIE_HTTPONLY = True
     SESSION_COOKIE_SECURE = False
     PERMANENT_SESSION_LIFETIME = 3600  # seconds
+    SESSION_REFRESH_EACH_REQUEST = True
 
     API_HOST_NAME = os.getenv('API_HOST_NAME')
     NOTIFY_API_SECRET = os.getenv('NOTIFY_API_SECRET', "dev-secret")