diff --git a/actions/admin/settings/110.accounts.php b/actions/admin/settings/110.accounts.php
index cff32356..07e4099a 100644
--- a/actions/admin/settings/110.accounts.php
+++ b/actions/admin/settings/110.accounts.php
@@ -35,6 +35,7 @@ return [
 'varname' => 'sessiontimeout',
 'type' => 'number',
 'min' => 60,
+ 'max' => 31536000,
 'default' => 600,
 'save_method' => 'storeSettingField'
 ],
diff --git a/lib/init.php b/lib/init.php
index 9b1a67b8..4583f681 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -369,7 +369,7 @@ if (CurrentUser::hasSession()) {
 }
 // update cookie lifetime
 $cookie_params = [
- 'expires' => time() + Settings::Get('session.sessiontimeout'),
+ 'expires' => time() + min(Settings::Get('session.sessiontimeout'), 31536000),
 'path' => '/',
 'domain' => UI::getCookieHost(),
 'secure' => UI::requestIsHttps(),
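Review bot: The new `'max' => 31536000` is an unexplained literal, and the same number is repeated in the clamp in lib/init.php, so the two limits can drift apart. A comment on this line such as `// 365 days in seconds; must match the cookie-lifetime clamp in lib/init.php`, or a shared constant used in both places, would keep them tied together. Whether the number field's `max` is checked server-side when the setting is saved is not visible in this hunk; if it only becomes an HTML attribute, a hand-built POST can still store a larger value, which leaves the init.php clamp as the only enforcement. The settings array begins and ends outside the hunk.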
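Review bot: The clamp on the `'expires'` line bounds only the upper side and passes the stored setting through uncast, so the configured `'min' => 60` from the settings form is not mirrored here. Settings::Get's return type is not visible in this hunk, but if the stored value is empty, zero or negative, `min()` returns it unchanged and the cookie expires at or before the current time. I would cast and bound both sides: `'expires' => time() + min(max((int) Settings::Get('session.sessiontimeout'), 60), 31536000),`. Any other reader of `session.sessiontimeout`, such as a server-side session expiry check, still sees the raw value, so installs that already store a value above the cap may behave inconsistently unless the stored setting is also migrated. The enclosing `if (CurrentUser::hasSession())` block starts outside the hunk and the `$cookie_params` array continues past it.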