diff --git a/compendium_v2/routes/authentication.py b/compendium_v2/routes/authentication.py
index f3273abe4f4dcf13a39f391573ac3ca3ea011f49..aec7d330a40ba5837ce3b168e6177af965bb1d5b 100644
--- a/compendium_v2/routes/authentication.py
+++ b/compendium_v2/routes/authentication.py
@@ -1,12 +1,19 @@
-
-from flask_login import login_required, login_user, logout_user  # type: ignore
-from flask import Blueprint, url_for, redirect
+from flask_login import login_user, logout_user  # type: ignore
+from flask import Blueprint, url_for, redirect, session, current_app
+from datetime import timedelta
 from compendium_v2.auth import get_client
 from compendium_v2.auth.session_management import fetch_user, create_user
 
 routes = Blueprint('authentication', __name__)
 
 
+@routes.before_request
+def before_request():
+    # logout users if they haven't visited in 7 days (session refreshes on each visit)
+    session.permanent = True
+    current_app.permanent_session_lifetime = timedelta(days=7)
+
+
 @routes.route('/login')
 def login():
     client = get_client()
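Review bot: `@routes.before_request` is blueprint-scoped, so this hook only runs for requests served by the `authentication` blueprint (`/login`, `/logout` and the authorize route), not on every visit as the comment implies. If the 7-day sliding expiry is meant to apply to the whole application, register it with `@routes.before_app_request`. The hook also rewrites the app-wide `current_app.permanent_session_lifetime` on every request; set it once where the app is created instead, e.g. `app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=7)`, and keep only `session.permanent = True` here. If the app uses Flask's default signed-cookie sessions (not visible in this hunk), a copied cookie stays valid for as long as it keeps being used, so it is worth confirming that `SESSION_COOKIE_SECURE`, `SESSION_COOKIE_HTTPONLY` and `SESSION_COOKIE_SAMESITE` are set and that logout clears the session.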
@@ -37,7 +44,6 @@ def authorize():
 
 
 @routes.route("/logout")
-@login_required
 def logout():
     # The user will be logged out of the application, but not the IDP.
     # If they visit again before their oauth token expires, they are immediately logged in.