diff --git a/application/config/config.sample.php b/application/config/config.sample.php
index d638c45d4..2e0c2fbef 100644
--- a/application/config/config.sample.php
+++ b/application/config/config.sample.php
@@ -439,7 +439,7 @@ $config['encryption_key'] = 'flossie1234555541';
 | 'sess_expiration'
 |
 | The number of SECONDS you want the session to last.
-| Setting to 0 (zero) means expire when the browser is closed.
+| Minimum is 43200 seconds (12 hours) for security reasons.
 |
 | 'sess_save_path'
 |
@@ -476,7 +476,7 @@ $config['encryption_key'] = 'flossie1234555541';
 */
 $config['sess_driver'] = 'files';
 $config['sess_cookie_name'] = 'ci_wavelog';
-$config['sess_expiration'] = 0;
+$config['sess_expiration'] = 43200;
 $config['sess_save_path'] = '/tmp';
 $config['sess_match_ip'] = FALSE;
 $config['sess_time_to_update'] = 300;
diff --git a/application/models/User_model.php b/application/models/User_model.php
index 122c83de7..b22ee747a 100644
--- a/application/models/User_model.php
+++ b/application/models/User_model.php
@@ -539,6 +539,11 @@ class User_Model extends CI_Model {
 return false;
 }
 
+ $token = $this->session->userdata('session_token') ?: NULL;
+ if (!$token) {
+ $token = bin2hex(random_bytes(32));
+ }
+
 $userdata = array(
 'user_id' => $u->row()->user_id,
 'user_name' => $u->row()->user_name,
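Review bot: The new comment in the `sess_expiration` block claims a minimum of 43200 seconds, but the only enforcement in this commit (the Session.php hunk) substitutes 43200 solely when the configured value is 0, so a setting such as 600 is still honoured as 600 — either the comment or the enforcement is wrong. Calling a floor on session lifetime a security measure is also backwards: a longer lifetime keeps a stolen or forgotten session valid longer, and removing the 0 option drops the expire-on-browser-close behaviour the old comment described, which is a weaker posture on shared machines. The comment should describe what actually happens, e.g. `| Setting to 0 (zero) is overridden to 43200 seconds (12 hours) by the session library;` followed by `| sessions no longer expire when the browser is closed.` The same text is duplicated in install/config/config.php and should be kept in sync.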
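Review bot: The token is taken from whatever is already in the session (`userdata('session_token')`) and only minted when absent, so an authentication that runs inside an existing session keeps that session's token rather than getting a fresh one. The enclosing function's signature is outside the hunk, so I cannot tell whether this path is the real login or is shared with `update_session`; reuse makes sense for a freshen, but a genuine login should mint a new token and rotate the session ID (CodeIgniter's `$this->session->sess_regenerate(TRUE);`) so a session fixated before authentication does not carry over. Minor: `?: NULL` is redundant with the `if (!$token)` test that follows; `$token = $this->session->userdata('session_token');` reads the same. A one-line comment would help the next reader: `// Per-session random token the user_hash is bound to; kept stable across session freshens.`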
@@ -551,7 +556,8 @@ class User_Model extends CI_Model {
 'user_clublog_name' => $u->row()->user_clublog_name ?? '',
 'user_eqsl_name' => $u->row()->user_eqsl_name,
 'user_eqsl_qth_nickname' => $u->row()->user_eqsl_qth_nickname,
- 'user_hash' => $this->_session_hash($u->row()->user_id . $u->row()->user_type . $this->input->cookie($this->config->item('sess_cookie_name'))),
+ 'user_hash' => $this->_session_hash($u->row()->user_id . $u->row()->user_type . $token),
+ 'session_token' => $token,
 'radio' => ((($this->session->userdata('radio') ?? '') == '') ? $this->user_options_model->get_options('cat', array('option_name' => 'default_radio'))->row()->option_value ?? '' : $this->session->userdata('radio')),
 'station_profile_id' => $this->session->userdata('station_profile_id') ?? '',
 'user_measurement_base' => $u->row()->user_measurement_base,
@@ -646,7 +652,8 @@ class User_Model extends CI_Model {
 $impersonate = $this->session->userdata('impersonate');
 
 if(ENVIRONMENT != 'maintenance') {
- if($this->_auth($user_id . $user_type . $this->input->cookie($this->config->item('sess_cookie_name')), $user_hash)) {
+ $session_token = $this->session->userdata('session_token');
+ if($session_token && $this->_auth($user_id . $user_type . $session_token, $user_hash)) {
 // Freshen the session
 $this->update_session($user_id, $u);
 return 1;
@@ -656,7 +663,8 @@ class User_Model extends CI_Model {
 }
 } else { // handle the maintenance mode and kick out user on page reload if not an admin
 if($user_type == '99' || $src_user_type === '99') {
- if($this->_auth($user_id . $user_type . $this->input->cookie($this->config->item('sess_cookie_name')), $user_hash)) {
+ $session_token = $this->session->userdata('session_token');
+ if($session_token && $this->_auth($user_id . $user_type . $session_token, $user_hash)) {
 // Freshen the session
 $this->update_session($user_id, $u);
 return 1;
diff --git a/install/config/config.php b/install/config/config.php
index 205022729..38255098b 100644
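Review bot: With `'session_token' => $token` stored next to `'user_hash'`, every input to the hash (user_id, user_type, token) now lives in the same session record, so the hash no longer ties the session to anything the client presents; it only detects an internally inconsistent record. That is presumably deliberate — the old binding to the cookie value broke whenever the session ID rotated (`sess_time_to_update = 300` in the config hunk) — but it changes what `user_hash` guarantees and deserves a comment on the `'user_hash'` line, e.g. `// Bound to the per-session random token rather than the cookie so ID regeneration does not invalidate the login; this is an integrity marker for the session record, not a client binding.` The array literal continues outside the hunk.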
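Review bot: Both branches of the ENVIRONMENT check now repeat the same two lines (`$session_token = ...; if($session_token && $this->_auth(...))`); hoisting the lookup above `if(ENVIRONMENT != 'maintenance')` gives one place to read the token and keeps the two checks from drifting. Since `$session_token &&` rejects any session created before this change, existing logins will be invalidated on deploy, which is acceptable but worth a line in the changelog. `_auth` is not visible here; if it compares the recomputed hash with `==`/`===`, switching it to `hash_equals()` would make the comparison constant-time. The enclosing method starts and ends outside the hunk.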
--- a/install/config/config.php
+++ b/install/config/config.php
@@ -439,7 +439,7 @@ $config['encryption_key'] = '%encryptionkey%';
 | 'sess_expiration'
 |
 | The number of SECONDS you want the session to last.
-| Setting to 0 (zero) means expire when the browser is closed.
+| Minimum is 43200 seconds (12 hours) for security reasons.
 |
 | 'sess_save_path'
 |
@@ -476,7 +476,7 @@ $config['encryption_key'] = '%encryptionkey%';
 */
 $config['sess_driver'] = 'files';
 $config['sess_cookie_name'] = 'ci_wavelog';
-$config['sess_expiration'] = 0;
+$config['sess_expiration'] = 43200;
 $config['sess_save_path'] = '/tmp';
 $config['sess_match_ip'] = FALSE;
 $config['sess_time_to_update'] = 300;
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 6294f5656..0d64c34ab 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -244,7 +244,8 @@ class CI_Session {
 */
 protected function _configure(&$params)
 {
- $expiration = config_item('sess_expiration');
+ // We force a minimum expiration time of 43200 seconds (12 hours) for security reasons
+ $expiration = config_item('sess_expiration') == 0 ? 43200 : config_item('sess_expiration');
 
 if (isset($params['cookie_lifetime']))
 {
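Review bot: The override on the new `$expiration` line fires only for `config_item('sess_expiration') == 0`, so any value between 1 and 43199 passes through unchanged and the comment's "minimum" is not what the code enforces; the loose `== 0` also matches NULL (unset key), '' and '0'. If a floor is really intended, `$expiration = max(43200, (int) config_item('sess_expiration'));` expresses it; if only the 0 case matters, say so and drop "for security reasons", since lengthening sessions is an availability/usability choice rather than a hardening (presumably the motivation is keeping the new user_hash/session_token binding from being invalidated on browser close). Patching the vendored framework under system/ also means the behaviour silently disappears on the next CodeIgniter upgrade and is invisible to anyone reading only application/config; an application-level override (a `MY_Session` subclass, or validating the value where the config is loaded) is the usual place for this. `_configure` continues past the end of the hunk.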