diff --git a/cron/cleanup.php b/cron/cleanup.php
index 926ba8d..cfb264c 100644
--- a/cron/cleanup.php
+++ b/cron/cleanup.php
@@ -72,9 +72,14 @@ notifyAdminsOfCleanupExecution($usersWarned, $usersUnwarnedWithData, $usersDelet
 /* check to see if there are orphaned versions in the database */
 orphanVersionCheck();
 
-/* check to see if we have any orphaned messages stuck in sessionMessages table */
+/* check and purge any orphaned messages stuck in sessionMessages table */
 orphanSessionMessagesCheck();
 
+/* check and purge any expired sessions from the session_list table */
+orphanSessionListCheck();
+
+
+
 
 /* Users that are unwarned and inactive since $iMonths */
 function unwarnedAndInactiveSince($iMonths)
@@ -197,3 +202,29 @@ function orphanSessionMessagesCheck()
     $sQuery = "DELETE from sessionMessages where TO_DAYS(NOW()) - TO_DAYS(time) > ?";
     $hResult = query_parameters($sQuery, $iSessionMessageDayLimit);
 }
+
+/* this function checks to see if we have any orphaned sessions */
+/* sessions need to be expired or the session_list table will grow */
+/* by one row each time a user logs */
+function orphanSessionListCheck()
+{
+    /* get a count of the messages older than $iSessionListDayLimit */
+    $sQuery = "SELECT count(*) as cnt from session_list where TO_DAYS(NOW()) - TO_DAYS(stamp) > ?";
+    $hResult = query_parameters($sQuery, SESSION_DAYS_TO_EXPIRE + 2);
+
+    $oRow = mysql_fetch_object($hResult);
+    $iMessages = $oRow->cnt;
+
+    $sMsg = "Found ".$iMessages." sessions that have expired after ".(SESSION_DAYS_TO_EXPIRE + 2)." days\r\n";
+    $sMsg.= " Purging these sessions.\r\n";
+
+    $sSubject = "Sessions expired\r\n";
+
+    $sEmail = User::get_notify_email_address_list(null, null); /* get list admins */
+    if($sEmail)
+        mail_appdb($sEmail, $sSubject, $sMsg);
+
+    /* purge the messages older than $iSessionMessageDayLimit */
+    $sQuery = "DELETE from session_list where TO_DAYS(NOW()) - TO_DAYS(stamp) > ?";
+    $hResult = query_parameters($sQuery, SESSION_DAYS_TO_EXPIRE + 2);
+}
diff --git a/include/session.php b/include/session.php
index 8cd0fdc..fe0bd67 100644
--- a/include/session.php
+++ b/include/session.php
@@ -5,6 +5,9 @@
  * sessions are stored in a mysql table
  */
 
+/* the number of days a session cookie is flaged to last */
+define(SESSION_DAYS_TO_EXPIRE, 2);
+
 class session
 {
     // create session object
@@ -28,9 +31,9 @@ class session
                                  array(&$this, "_gc")
                                 );
         
-        // default lifetime on session cookie (90 days)
+        // default lifetime on session cookie (SESSION_DAYS_TO_EXPIRE days)
         session_set_cookie_params(
-                                  (60*60*24*90),
+                                  (60*60*24*SESSION_DAYS_TO_EXPIRE),
                                   '/'
                                  );
         
@@ -95,7 +98,8 @@ class session
     // clear old sessions (moved into a separate cron process)
     function _gc ($maxlifetime)
     {
-        query_parameters("DELETE FROM session_list WHERE to_days(now()) - to_days(stamp) >= 7");
+        query_parameters("DELETE FROM session_list WHERE to_days(now()) - to_days(stamp) >= '?'",
+                         SESSION_DAYS_TO_EXPIRE);
         return true;
     }