diff --git a/.env.example b/.env.example
index 5fbdfbe9..21e776f5 100644
--- a/.env.example
+++ b/.env.example
@@ -162,7 +162,6 @@ TRUSTED_PROXIES=null
 BROADCAST_DRIVER=log
 QUEUE_DRIVER=sync
-SESSION_LIFETIME=120
 REDIS_HOST=127.0.0.1
 REDIS_PASSWORD=null
diff --git a/.env.testing b/.env.testing
index da991acb..8f9a02c4 100644
--- a/.env.testing
+++ b/.env.testing
@@ -31,7 +31,6 @@ BROADCAST_DRIVER=log
 CACHE_DRIVER=array
 QUEUE_CONNECTION=sync
 SESSION_DRIVER=array
-SESSION_LIFETIME=120
 REDIS_HOST=127.0.0.1
 REDIS_PASSWORD=null
diff --git a/config/session.php b/config/session.php
index a60d38cb..61c0a296 100644
--- a/config/session.php
+++ b/config/session.php
@@ -31,7 +31,7 @@
 |
 */
- 'lifetime' => env('SESSION_LIFETIME', 120),
+ 'lifetime' => 1 * (60 * 24 * 90),
 'expire_on_close' => false,
diff --git a/resources/js/api.js b/resources/js/api.js
index 0bbb2299..9a6b266b 100644
--- a/resources/js/api.js
+++ b/resources/js/api.js
@@ -20,11 +20,10 @@ Vue.axios.interceptors.response.use(response => response, error => {
 return Promise.reject(error);
 }
- // Otherwise we push to a specific or generic error view
- let routeName = 'genericError'
-
+ // Push to the login view and force the page to refresh to get a fresh CSRF token
 if ( error.response.status === 401 ) {
- routeName = 'login'
+ router.push({ name: 'login', params: { forceRefresh: true } })
+ throw new Vue.axios.Cancel();
 }
 if ( error.response.status === 407 ) {
@@ -32,6 +31,9 @@ Vue.axios.interceptors.response.use(response => response, error => {
 throw new Vue.axios.Cancel();
 }
+ // we push to a specific or generic error view
+ let routeName = 'genericError'
+
 // api calls are stateless so when user inactivity is detected
 // by the backend middleware it cannot logout the user directly
 // so it returns a 418 response.
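Review bot: The new `'lifetime'` value in config/session.php hard-codes a 90-day session (60 * 24 * 90 = 129600 minutes) and drops the `SESSION_LIFETIME` lookup, so a stolen or unattended session cookie stays usable far longer than under the previous 120-minute default, and operators can no longer shorten it per environment. Keeping the env override with the new default would preserve that control: `'lifetime' => (int) env('SESSION_LIFETIME', 60 * 24 * 90),` (the leading `1 *` adds nothing). A comment in resources/js/api.js refers to a backend inactivity middleware; if that is what is meant to bound idle sessions, a short comment above this line saying so would make the long lifetime defensible. The enclosing config array starts and ends outside the hunk.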
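Review bot: In the 401 branch of the first resources/js/api.js hunk, `router.push(...)` runs for every failed response and its return value is ignored, so several in-flight requests that all come back 401 each start a navigation to `login`. Assuming vue-router 3, where `push` returns a promise, a duplicate navigation rejects and would surface as an uncaught error. A guard such as `if (router.currentRoute.name !== 'login') router.push({ name: 'login', params: { forceRefresh: true } });` avoids the repeated pushes. The code that performs the actual refresh for a new CSRF token is not in this hunk, so it is worth confirming that the login view reads `forceRefresh`. The interceptor body starts and ends outside the hunk.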