diff --git a/app/controllers/external_controller.rb b/app/controllers/external_controller.rb
index 58d4702b7a..7892c5c614 100644
--- a/app/controllers/external_controller.rb
+++ b/app/controllers/external_controller.rb
@@ -72,10 +72,9 @@ def create_user
       return redirect_to pending_path if user.pending?
     end
 
-    user.generate_session_token!
-
     # set the cookie based on session timeout setting
     session_timeout = SettingGetter.new(setting_name: 'SessionTimeout', provider: current_provider).call
+    user.generate_session_token!(extended_session: session_timeout)
     handle_session_timeout(session_timeout.to_i, user) if session_timeout
 
     session[:session_token] = user.session_token
diff --git a/app/models/user.rb b/app/models/user.rb
index a05f6956ce..53d724191c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -121,7 +121,7 @@ def self.reset_token_expired?(sent_at)
   # Gives the session token and expiry a default value before saving
   def set_session_token
     self.session_token = User.generate_digest(SecureRandom.alphanumeric(40))
-    self.session_expiry = 6.hours.from_now
+    self.session_expiry = 24.hours.from_now
   end
 
   def generate_session_token!(extended_session: false)