diff --git a/AUTHORS b/AUTHORS index e098338d..1aaa781e 100644 --- a/AUTHORS +++ b/AUTHORS @@ -36,3 +36,4 @@ Rotem Yaari Srijan Choudhary Tristan Escalada Vadim Kotov +Walt Askew diff --git a/docs/configuration.rst b/docs/configuration.rst index 018d4ae9..0a9bf69b 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst @@ -37,6 +37,10 @@ Core ``SECURITY_TOKEN_AUTHENTICATION_HEADER`` Specifies the HTTP header to read when using token authentication. Defaults to ``Authentication-Token``. +``SECURITY_TOKEN_MAX_AGE`` Specifies the number of seconds before + an authentication token expires. + Defaults to None, meaning the token + never expires. ``SECURITY_DEFAULT_HTTP_AUTH_REALM`` Specifies the default authentication realm when using basic HTTP auth. Defaults to ``Login Required`` diff --git a/flask_security/core.py b/flask_security/core.py index fb2a6b67..d29149c5 100644 --- a/flask_security/core.py +++ b/flask_security/core.py @@ -75,6 +75,7 @@ 'EMAIL_SENDER': 'no-reply@localhost', 'TOKEN_AUTHENTICATION_KEY': 'auth_token', 'TOKEN_AUTHENTICATION_HEADER': 'Authentication-Token', + 'TOKEN_MAX_AGE': None, 'CONFIRM_SALT': 'confirm-salt', 'RESET_SALT': 'reset-salt', 'LOGIN_SALT': 'login-salt', @@ -192,7 +193,7 @@ def _user_loader(user_id): def _token_loader(token): try: - data = _security.remember_token_serializer.loads(token) + data = _security.remember_token_serializer.loads(token, max_age=_security.token_max_age) user = _security.datastore.find_user(id=data[0]) if user and safe_str_cmp(md5(user.password), data[1]): return user
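Review bot: In the docs/configuration.rst hunk, the ``SECURITY_TOKEN_MAX_AGE`` entry should state that the value is passed as ``max_age`` to the timed serializer, so a token that is older than this many seconds is rejected as expired rather than silently accepted; "Defaults to None, meaning the token never expires" describes the opt-out, but a reader configuring an API deployment would want a sentence saying that the expiry check only applies when a finite number of seconds is set.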
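Review bot: The new ``'TOKEN_MAX_AGE': None`` default in the core.py defaults hunk keeps the pre-existing behaviour (tokens never expire) for every installation that does not opt in, which is the conservative choice for a release, but it leaves the less secure setting as the default; consider a short inline comment next to the key noting that a finite value (seconds) is recommended, so the intent is visible where the default lives and not only in the docs.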
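Review bot: The ``_token_loader`` hunk passes ``max_age=_security.token_max_age`` to ``loads``, and an expired token will now raise ``SignatureExpired`` (a subclass of ``BadSignature``) from inside the visible ``try:``; the ``except`` clause is outside the hunk, so please confirm it catches ``BadSignature`` or ``SignatureExpired`` rather than a narrower exception, and add a test that an otherwise valid token past ``max_age`` is rejected and returns no user. The new line also exceeds 79 characters; wrapping it as
``data = _security.remember_token_serializer.loads(``
``    token, max_age=_security.token_max_age)``
keeps it within the project's line-length convention.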