diff --git a/web/includes/session.php b/web/includes/session.php
index 1e2601f08..8d4c28a68 100644
--- a/web/includes/session.php
+++ b/web/includes/session.php
@@ -21,11 +21,18 @@ function zm_session_start() {
 
   session_start();
   $_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking
+  $now = time();
   // Do not allow to use expired session ID
-  if ( !empty($_SESSION['last_time']) && ($_SESSION['last_time'] < (time() - 180)) ) {
+  if ( !empty($_SESSION['last_time']) && ($_SESSION['last_time'] < ($now - 180)) ) {
     ZM\Info('Destroying session due to timeout. ');
     session_destroy();
     session_start();
+  } else if ( !empty($_SESSION['generated_at']) ) {
+    ZM\Logger::Debug("Have generated_at: " . $_SESSION['generated_at']);
+    if ( $_SESSION['generated_at']<($now-(ZM_COOKIE_LIFETIME/2)) ) {
+      ZM\Logger::Debug("Regenerating session because generated_at " . $_SESSION['generated_at'] . ' < ' . $now . '-'.ZM_COOKIE_LIFETIME.'/2 = '.($now-ZM_COOKIE_LIFETIME/2));
+      zm_session_regenerate_id();
+    }
   }
 } // function zm_session_start()
 
@@ -44,6 +51,7 @@ function zm_session_regenerate_id() {
   session_start();
   session_regenerate_id();
   unset($_SESSION['last_time']);
+  $_SESSION['generated_at'] = time();
 } // function zm_session_regenerate_id()
 
 function is_session_started() {