diff --git a/platypush/backend/http/app/routes/login.py b/platypush/backend/http/app/routes/login.py
index 5aba3b6c..c97a789f 100644
--- a/platypush/backend/http/app/routes/login.py
+++ b/platypush/backend/http/app/routes/login.py
@@ -38,14 +38,16 @@ def login():
         username = request.form.get('username')
         password = request.form.get('password')
         remember = request.form.get('remember')
+        expires = datetime.datetime.utcnow() + datetime.timedelta(days=365) \
+            if remember else None
+
         session = user_manager.create_user_session(username=username, password=password,
-                                                   expires_at=datetime.datetime.utcnow() + datetime.timedelta(days=1)
-                                                   if not remember else None)
+                                                   expires_at=expires)
 
         if session:
             redirect_target = redirect(redirect_page, 302)
             response = make_response(redirect_target)
-            response.set_cookie('session_token', session.session_token)
+            response.set_cookie('session_token', session.session_token, expires=expires)
             return response
 
     return render_template('login.html', utils=HttpUtils)
diff --git a/platypush/backend/http/app/utils.py b/platypush/backend/http/app/utils.py
index e488a912..3566412b 100644
--- a/platypush/backend/http/app/utils.py
+++ b/platypush/backend/http/app/utils.py
@@ -165,6 +165,8 @@ def _authenticate_csrf_token():
 
     if user_session_token:
         user, session = user_manager.authenticate_user_session(user_session_token)
+    else:
+        return False
 
     if user is None:
         return False