diff --git a/app/__init__.py b/app/__init__.py
index 5f244f630..640563c56 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -349,7 +349,7 @@ def make_session_permanent():
 """ Make sessions permanent. By permanent, we mean "admin app sets when it expires". Normally the cookie would expire whenever you close the browser. With this, the session expiry is set in `config['PERMANENT_SESSION_LIFETIME']`
- (20 hours) and is refreshed after every request. IE: you will be logged out after twenty hours of inactivity.
+ (30 min) and is refreshed after every request. IE: you will be logged out after thirty minutes of inactivity.
 We don't _need_ to set this every request (it's saved within the cookie itself under the `_permanent` flag), only when you first log in/sign up/get invited/etc, but we do it just to be safe. For more reading, check here:
diff --git a/app/assets/javascripts/timeoutPopup.js b/app/assets/javascripts/timeoutPopup.js
new file mode 100644
index 000000000..0807a0f3a
--- /dev/null
+++ b/app/assets/javascripts/timeoutPopup.js
@@ -0,0 +1,15 @@
+(function(global ) {
+ "use strict";
+
+ var cookie = window.GOVUK.getCookie('notify_admin_session');
+
+ if (cookie) {
+ window.alert("Session will expire: Cookie Value" + cookie);
+ } else {
+ window.alert('Session has expired');
+ }
+ console.log(cookie);
+
+
+})(window);
+
diff --git a/app/config.py b/app/config.py
index 568c51be7..33987cef3 100644
--- a/app/config.py
+++ b/app/config.py
@@ -50,7 +50,7 @@ class Config(object):
 EMAIL_EXPIRY_SECONDS = 3600 # 1 hour
 INVITATION_EXPIRY_SECONDS = 3600 * 24 * 2 # 2 days - also set on api
 EMAIL_2FA_EXPIRY_SECONDS = 1800 # 30 Minutes
- PERMANENT_SESSION_LIFETIME = 20 * 60 * 60 # 20 hours
+ PERMANENT_SESSION_LIFETIME = 1800 # 30 Minutes
 SEND_FILE_MAX_AGE_DEFAULT = 365 * 24 * 60 * 60 # 1 year
 REPLY_TO_EMAIL_ADDRESS_VALIDATION_TIMEOUT = 45
 ACTIVITY_STATS_LIMIT_DAYS = 7
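Review bot: In app/assets/javascripts/timeoutPopup.js the script reads `notify_admin_session` from page JavaScript, shows its value in `window.alert` and writes it out with `console.log(cookie);`, which puts a session credential on screen and into any captured console output. Flask marks the session cookie HttpOnly by default, so unless that is switched off elsewhere (not visible in this diff) `getCookie` presumably finds nothing and the popup always reports 'Session has expired'; making the check work by dropping HttpOnly would leave the cookie readable by any injected script. I would remove `console.log(cookie);` and the `+ cookie` concatenation, and drive the warning from an expiry time the server renders into the page rather than from the cookie itself. The `global` parameter is also unused, since the body reaches for `window` directly.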
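Review bot: `PERMANENT_SESSION_LIFETIME = 1800` in app/config.py is an idle timeout only: the docstring updated in app/__init__.py says the expiry is refreshed after every request, so a session that keeps making requests has no upper bound on its age. If the shorter lifetime is meant as a security control, consider pairing it with an absolute cap, for example recording the login time in the session and ending the session in `make_session_permanent` once a maximum age has passed; that function's body is outside the hunk, so it may already do this. The docstring also repeats the value as `(30 min)`, which can drift from the config again, so wording that points at `config['PERMANENT_SESSION_LIFETIME']` without restating the number would hold up better.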