diff --git a/CHANGES b/CHANGES
index 7be8e53ba2..6fad8e071c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
 
 Changes with Apache 2.3.6
 
+  *) mod_session: Session expiry was being initialised, but not updated
+     on each session save, resulting in timed out sessions when there
+     should not have been. Fixed. [Graham Leggett]
+
   *) mod_log_config: Add the R option to log the handler used within the
      request. [Christian Folini <christian.folini netnea com>]
 
diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
index fa56b36831..b6a75591ea 100644
--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -174,6 +174,9 @@ static int ap_session_save(request_rec * r, session_rec * z)
         apr_time_t now = apr_time_now();
         int rv = 0;
 
+        session_dir_conf *dconf = ap_get_module_config(r->per_dir_config,
+                                                       &session_module);
+
         /* sanity checks, should we try save at all? */
         if (z->written) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, SESSION_PREFIX
@@ -188,6 +191,12 @@ static int ap_session_save(request_rec * r, session_rec * z)
             return APR_EGENERAL;
         }
 
+        /* reset the expiry back to maxage, if the expiry is present */
+        if (dconf->maxage) {
+            z->expiry = now + dconf->maxage * APR_USEC_PER_SEC;
+            z->maxage = dconf->maxage;
+        }
+
         /* encode the session */
         rv = ap_run_session_encode(r, z);
         if (OK != rv) {