diff --git a/src/constants.js b/src/constants.js
index c05b05e4d..f3d36e367 100644
--- a/src/constants.js
+++ b/src/constants.js
@@ -32,7 +32,8 @@ exports = module.exports = {
 NGINX_DEFAULT_CONFIG_FILE_NAME: 'default.conf',
- DEFAULT_TOKEN_EXPIRATION: 365 * 24 * 60 * 60 * 1000, // 1 year
+ DEFAULT_TOKEN_EXPIRATION_MSECS: 365 * 24 * 60 * 60 * 1000, // 1 year
+ DEFAULT_TOKEN_EXPIRATION_DAYS: 365,
 DEFAULT_MEMORY_LIMIT: (256 * 1024 * 1024), // see also client.js
diff --git a/src/provision.js b/src/provision.js
index e90597c69..3eb3378ed 100644
--- a/src/provision.js
+++ b/src/provision.js
@@ -138,7 +138,7 @@ function activate(username, password, email, displayName, ip, auditSource, callb
 if (error && error.reason === BoxError.ALREADY_EXISTS) return callback(new BoxError(BoxError.CONFLICT, 'Already activated'));
 if (error) return callback(error);
- tokens.add(tokens.ID_WEBADMIN, userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
+ tokens.add(tokens.ID_WEBADMIN, userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS, {}, function (error, result) {
 if (error) return callback(error);
 eventlog.add(eventlog.ACTION_ACTIVATE, auditSource, { });
diff --git a/src/proxyauth.js b/src/proxyauth.js
index 87c2c4902..5cc5b8963 100644
--- a/src/proxyauth.js
+++ b/src/proxyauth.js
@@ -30,7 +30,6 @@ const apps = require('./apps.js'),
 let gHttpServer = null;
 let TOKEN_SECRET = null;
-const EXPIRY_DAYS = 7;
 function jwtVerify(req, res, next) {
 const token = req.cookies.authToken;
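Review bot: DEFAULT_TOKEN_EXPIRATION_MSECS and DEFAULT_TOKEN_EXPIRATION_DAYS are two independent literals that are only correct while they describe the same duration, yet proxyauth.js now feeds one into the JWT `expiresIn` and the other into the cookie `maxAge`; editing one without the other leaves the cookie outliving the signed token or vice versa, with nothing to catch it. Deriving the millisecond value from the day count removes that drift: hoist `const DEFAULT_TOKEN_EXPIRATION_DAYS = 365;` above the exports object, then export `DEFAULT_TOKEN_EXPIRATION_DAYS,` and `DEFAULT_TOKEN_EXPIRATION_MSECS: DEFAULT_TOKEN_EXPIRATION_DAYS * 24 * 60 * 60 * 1000, // 1 year` inside it. The exports object starts above the hunk.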
@@ -125,11 +124,11 @@ function auth(req, res, next) {
 }
 // user is already authenticated, refresh cookie
- const token = jwt.sign({ user: req.user }, TOKEN_SECRET, { expiresIn: `${EXPIRY_DAYS}d` });
+ const token = jwt.sign({ user: req.user }, TOKEN_SECRET, { expiresIn: `${constants.DEFAULT_TOKEN_EXPIRATION_DAYS}d` });
 res.cookie('authToken', token, {
 httpOnly: true,
- maxAge: EXPIRY_DAYS * 86400 * 1000, // milliseconds
+ maxAge: constants.DEFAULT_TOKEN_EXPIRATION_MSECS,
 secure: true
 });
@@ -177,11 +176,11 @@ function authorize(req, res, next) {
 if (error) return next(new HttpError(403, 'Forbidden' ));
 if (!hasAccess) return next(new HttpError(403, 'Forbidden' ));
- const token = jwt.sign({ user: users.removePrivateFields(req.user) }, TOKEN_SECRET, { expiresIn: `${EXPIRY_DAYS}d` });
+ const token = jwt.sign({ user: users.removePrivateFields(req.user) }, TOKEN_SECRET, { expiresIn: `${constants.DEFAULT_TOKEN_EXPIRATION_DAYS}d` });
 res.cookie('authToken', token, {
 httpOnly: true,
- maxAge: EXPIRY_DAYS * 86400 * 1000, // milliseconds
+ maxAge: constants.DEFAULT_TOKEN_EXPIRATION_MSECS,
 secure: true
 });
diff --git a/src/routes/cloudron.js b/src/routes/cloudron.js
index 8f470229b..f67334084 100644
--- a/src/routes/cloudron.js
+++ b/src/routes/cloudron.js
@@ -56,7 +56,7 @@ function login(req, res, next) {
 const error = tokens.validateTokenType(type);
 if (error) return next(new HttpError(400, error.message));
- tokens.add(type, req.user.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, token) {
+ tokens.add(type, req.user.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS, {}, function (error, token) {
 if (error) return next(new HttpError(500, error));
 eventlog.add(eventlog.ACTION_USER_LOGIN, auditSource, { userId: req.user.id, user: users.removePrivateFields(req.user) });
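Review bot: Replacing EXPIRY_DAYS (7) with the shared constants in the `expiresIn` and `maxAge` lines of auth() changes the lifetime of the proxy `authToken` JWT and cookie from 7 days to 365 days, and the same happens in authorize() at @@ -177; the hunk reads as a deduplication but its effect is a 52x longer proxy session. A leaked or stolen cookie therefore stays usable for a year instead of a week, and nothing in these hunks adds rotation or revocation to compensate, so the session no longer re-authenticates for a long time after a password change on the proxied side. If the longer lifetime is intended, state it in the commit message; if it is not, keep a proxy-specific duration such as `PROXY_AUTH_EXPIRATION_DAYS: 7` in constants.js (with a matching millisecond value) and use that here rather than the web-admin token default. Both auth() and authorize() begin outside their hunks.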
@@ -103,7 +103,7 @@ function passwordReset(req, res, next) {
 if (error && error.reason === BoxError.BAD_FIELD) return next(new HttpError(400, error.message));
 if (error) return next(BoxError.toHttpError(error));
- tokens.add(tokens.ID_WEBADMIN, userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
+ tokens.add(tokens.ID_WEBADMIN, userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS, {}, function (error, result) {
 if (error) return next(BoxError.toHttpError(error));
 next(new HttpSuccess(202, { accessToken: result.accessToken }));
diff --git a/src/users.js b/src/users.js
index ed5eb0126..51a1cf144 100644
--- a/src/users.js
+++ b/src/users.js
@@ -691,7 +691,7 @@ function setupAccount(user, data, auditSource, callback) {
 setPassword(user, data.password, function (error) { // setPassword clears the resetToken
 if (error) return callback(error);
- tokens.add(tokens.ID_WEBADMIN, user.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
+ tokens.add(tokens.ID_WEBADMIN, user.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS, {}, function (error, result) {
 if (error) return callback(error);
 callback(null, result.accessToken);