diff --git a/awx/api/conf.py b/awx/api/conf.py
index 58aa9b4cc8..c4c18f7cc4 100644
--- a/awx/api/conf.py
+++ b/awx/api/conf.py
@@ -5,18 +5,20 @@ from django.utils.translation import ugettext_lazy as _
 from awx.conf import fields, register
 from awx.api.fields import OAuth2ProviderField
 from oauth2_provider.settings import oauth2_settings
-
+from django.conf import settings
 register(
-    'SESSION_COOKIE_AGE',
-    field_class=fields.IntegerField,
+    'AUTH_TOKEN_EXPIRATION',
+    field_class=fields.AuthTokenField,
     min_value=60,
     max_value=30000000000,  # approx 1,000 years, higher values give OverflowError
+    default={'AUTH_TOKEN_EXPIRATION': settings.AUTH_TOKEN_EXPIRATION},
     label=_('Idle Time Force Log Out'),
     help_text=_('Number of seconds that a user is inactive before they will need to login again.'),
     category=_('Authentication'),
     category_slug='authentication',
 )
+
 register(
     'SESSIONS_PER_USER',
     field_class=fields.IntegerField,
diff --git a/awx/conf/fields.py b/awx/conf/fields.py
index b98b925447..582499e351 100644
--- a/awx/conf/fields.py
+++ b/awx/conf/fields.py
@@ -6,6 +6,7 @@ from collections import OrderedDict
 # Django
 from django.core.validators import URLValidator
 from django.utils.translation import ugettext_lazy as _
+from django.conf import settings
 # Django REST Framework
 from rest_framework.fields import *  # noqa
@@ -42,6 +43,13 @@ class IntegerField(IntegerField):
         if ret == '' and self.allow_null and not getattr(self, 'allow_blank', False):
             return None
         return ret
+
+
+class AuthTokenField(IntegerField):
+
+    def to_internal_value(self, data):
+        settings.SESSION_COOKIE_AGE = data
+        return super(AuthTokenField, self).to_internal_value(data)
 class StringListField(ListField):
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index b159ef3d61..5c09d4daf6 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
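Review bot: The `default=` handed to `register()` for `AUTH_TOKEN_EXPIRATION` is a one-key dict, `{'AUTH_TOKEN_EXPIRATION': settings.AUTH_TOKEN_EXPIRATION}`, while the field is an integer field constrained by `min_value`/`max_value`, and the sibling `SESSIONS_PER_USER` registration does not wrap its default that way; unless `register()` expects a mapping here (not visible from this hunk), a dict default will not pass the field's own validation and should be the integer itself, `default=settings.AUTH_TOKEN_EXPIRATION,`. `settings.AUTH_TOKEN_EXPIRATION` is also read once at import time, so the registered default reflects only the static value from `defaults.py`, never a later runtime override. The rename silently retires the `SESSION_COOKIE_AGE` key from the configuration API, so any value already stored under the old key presumably stops being read — worth a migration or at least a comment such as `# Renamed from SESSION_COOKIE_AGE; the live cookie age is mirrored by AuthTokenField.` next to the registration. Minor style point: the new `from django.conf import settings` sits after the third-party `oauth2_provider` import rather than with the other Django imports at the top of the file.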
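Review bot: `AuthTokenField.to_internal_value` writes `settings.SESSION_COOKIE_AGE = data` before delegating to the parent validator, so a value that is about to be rejected (below `min_value`, non-numeric, or a still-unconverted string from form-encoded input) has already replaced the live cookie age when the `ValidationError` is raised, and even on success the raw `data` rather than the coerced int is what is stored. At minimum validate first and store the result: `value = super(AuthTokenField, self).to_internal_value(data)` / `settings.SESSION_COOKIE_AGE = value` / `return value`. Beyond ordering, mutating `django.conf.settings` inside a serializer field only affects the process that handled the write; other workers keep the previous cookie age until they pick up the persisted setting by some other path, and a restart falls back to `defaults.py`, so the configured idle timeout is not consistently enforced — deriving `SESSION_COOKIE_AGE` from the stored `AUTH_TOKEN_EXPIRATION` where the session cookie is issued would be more robust. A one-line docstring stating that this field exists solely to mirror the configured value into `SESSION_COOKIE_AGE` would help the next reader, since nothing in the class name says so.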
@@ -200,7 +200,8 @@ SESSION_COOKIE_SECURE = True
 # Seconds before sessions expire.
 # Note: This setting may be overridden by database settings.
-SESSION_COOKIE_AGE = 1209600
+AUTH_TOKEN_EXPIRATION = 1800
+SESSION_COOKIE_AGE = AUTH_TOKEN_EXPIRATION
 # Maximum number of per-user valid, concurrent sessions.
 # -1 is unlimited
diff --git a/awx/ui/client/src/configuration/system-form/sub-forms/system-misc.form.js b/awx/ui/client/src/configuration/system-form/sub-forms/system-misc.form.js
index 02b71edaec..2920e8f7e0 100644
--- a/awx/ui/client/src/configuration/system-form/sub-forms/system-misc.form.js
+++ b/awx/ui/client/src/configuration/system-form/sub-forms/system-misc.form.js
@@ -24,11 +24,11 @@ export default ['i18n', function(i18n) {
             MANAGE_ORGANIZATION_AUTH: {
                 type: 'toggleSwitch',
             },
-            SESSION_COOKIE_AGE: {
+            AUTH_TOKEN_EXPIRATION: {
                 type: 'number',
                 integer: true,
                 min: 60,
-                reset: 'SESSION_COOKIE_AGE',
+                reset: 'AUTH_TOKEN_EXPIRATION',
             },
             SESSIONS_PER_USER: {
                 type: 'number',
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 96cd3b7bc4..6698f04a60 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -49,7 +49,7 @@
 * Impose stricter criteria to admin users - organization admin role now necessary for all organizations target user is member of.
 * Remove unused `admin_role` associated with users.
-* Enforce max value for `SESSION_COOKIE_AGE`
+* Enforce max value for `AUTH_TIMEOUT_EXPIRATION`
   [[#1651](https://github.com/ansible/awx/issues/1651)].
 * Add stricter validation to `order_by` query params
   [[#776](https://github.com/ansible/awx/issues/776)].
diff --git a/docs/auth/session.md b/docs/auth/session.md
index 1e31375adc..bc19f53f31 100644
--- a/docs/auth/session.md
+++ b/docs/auth/session.md
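Review bot: The default drops from 1209600 (two weeks) to 1800 (thirty minutes) in the same hunk as the rename, which changes session lifetime for every deployment that never customised the old setting, and the surrounding comment still reads `# Seconds before sessions expire.` with the "overridden by database settings" note now sitting above the new pair without saying which of the two is the configurable one. If the shorter idle timeout is intended, say so next to the values, e.g. `# AUTH_TOKEN_EXPIRATION is the value exposed via database settings; SESSION_COOKIE_AGE mirrors it at load time.`, and keep the documentation in step: the `docs/auth/session.md` hunk in this commit still states the default cookie age is 2 weeks, and the `docs/CHANGELOG.md` hunk spells the setting `AUTH_TIMEOUT_EXPIRATION` rather than `AUTH_TOKEN_EXPIRATION`. Note also that `SESSION_COOKIE_AGE = AUTH_TOKEN_EXPIRATION` is a one-time copy when settings load, so it will not follow later changes to `AUTH_TOKEN_EXPIRATION` unless something else rewrites it.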
@@ -45,7 +45,7 @@ Any client should follow the standard rules of [cookie protocol](https://tools.i parse that header to obtain information about the session, such as session cookie name (`session_id`), session cookie value, expiration date, duration, etc. -The duration of the cookie is configurable by Tower Configuration setting `SESSION_COOKIE_AGE` under +The duration of the cookie is configurable by Tower Configuration setting `AUTH_TOKEN_EXPIRATION` under category `authentication`. It is an integer denoting the number of seconds the session cookie should live. The default session cookie age is 2 weeks. @@ -76,7 +76,7 @@ is updated, all sessions she owned will be invalidated and deleted. * User should be able to log in via `/api/login/` endpoint by correctly providing all necessary fields. * Logged in users should be able to authenticate themselves by providing correct session auth info. * Logged in users should be able to log out via `/api/logout/`. -* The duration of a session cookie should be configurable by `SESSION_COOKIE_AGE`. +* The duration of a session cookie should be configurable by `AUTH_TOKEN_EXPIRATION`. * The maximum number of concurrent login for one user should be configurable by `SESSIONS_PER_USER`, and over-limit user sessions should be warned by websocket. * When a user's password is changed, all her sessions should be invalidated and deleted.