diff --git a/api/src/security/jwt.js b/api/src/security/jwt.js
index e920e444..251b936a 100644
--- a/api/src/security/jwt.js
+++ b/api/src/security/jwt.js
@@ -28,7 +28,7 @@ export const generate = () => {
 
     return {
         token: `${header}.${payload}.${signature}`,
-        exp,
+        exp: env.jwtLifetime - 2,
     };
 }
 
diff --git a/web/src/lib/api/session.ts b/web/src/lib/api/session.ts
index 0e5c426a..77e99284 100644
--- a/web/src/lib/api/session.ts
+++ b/web/src/lib/api/session.ts
@@ -42,10 +42,10 @@ export const requestSession = async() => {
 }
 
 export const getSession = async () => {
-    const currentTime = Math.floor(new Date().getTime() / 1000);
+    const currentTime = () => Math.floor(new Date().getTime() / 1000);
     const cache = get(cachedSession);
 
-    if (cache?.token && cache?.exp - 2 > currentTime) {
+    if (cache?.token && cache?.exp - 2 > currentTime()) {
         return cache;
     }
 
@@ -59,6 +59,7 @@ export const getSession = async () => {
     } as CobaltErrorResponse
 
     if (!("status" in newSession)) {
+        newSession.exp = currentTime() + newSession.exp;
         cachedSession.set(newSession);
     }
     return newSession;