diff --git a/lib/www/server/api/middleware/auth/authentify.js b/lib/www/server/api/middleware/auth/authentify.js
index 383912d..e79a111 100644
--- a/lib/www/server/api/middleware/auth/authentify.js
+++ b/lib/www/server/api/middleware/auth/authentify.js
@@ -53,6 +53,23 @@ async function auth (req, res, next) {
 // Check for a valid JWT (already decoded by a previous
 // middleware).
 if (req.user) {
+ if (!req.user.autologin) {
+ // If this is not an automatic login, check if the token is in the
+ // second half of its lifetime. If so, reissue a new one, valid for
+ // another cfg.jwt.options.expiresIn seconds.
+ if (req.user.exp) {
+ const ttl = req.user.exp - Date.now()/1000;
+ if (ttl < cfg.jwt.options.expiresIn/2) {
+ const credentials = cfg._("global.users.login.user").find(i => i.name == req.user.name && i.role == req.user.role);
+ if (credentials) {
+ // Refresh token
+ payload = Object.assign({}, credentials);
+ delete payload.hash;
+ jwt.issue(Object.assign({}, credentials), req, res);
+ }
+ }
+ }
+ }
 next();
 return;
 }
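Review bot: The refreshed token is issued from a fresh copy of `credentials` rather than from the `payload` that had `hash` removed, so if `jwt.issue` signs the object it is given, the user's password hash is embedded in the reissued JWT, where anyone holding the token can decode it. Pass the scrubbed object instead: `const payload = Object.assign({}, credentials);` followed by `delete payload.hash;` and `jwt.issue(payload, req, res);`. In the visible lines `payload` is also assigned without a declaration, which creates an implicit global shared across concurrent requests (or throws in strict mode) unless it is declared in the part of `auth` that lies outside this hunk. The half-life check additionally assumes `cfg.jwt.options.expiresIn` is a number of seconds; if the config ever holds a time-span string, `expiresIn/2` becomes NaN and the refresh is silently skipped, so a short comment or a `Number.isFinite` guard there would make the assumption explicit.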