diff --git a/config-templates/config.php b/config-templates/config.php
index b9f1bfb2c1072fabfd931b95d0bf40fd85e2ecc2..243d3d150ab11364cfc50b3922a17e14328edc98 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -170,6 +170,11 @@ $config = array (
 	 */
 	'session.datastore.timeout' => (4*60*60), // 4 hours
 	
+	/*
+	 * Sets the duration, in seconds, auth state should be stored.
+	 */
+	'session.state.timeout' => (60*60), // 1 hour
+
 	/*
 	 * Option to override the default settings for the session cookie name
 	 */
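Review bot: The comment added for `session.state.timeout` does not say what "auth state" is or what happens when the timeout expires. Going by the State.php change in this same diff, it is the lifetime given to the serialized state saved in the session while a login is in progress. A user who takes longer than this at the login step would presumably lose the state, while a large value keeps old state IDs usable for longer. I would expand the comment along the lines of `Sets how long, in seconds, the saved authentication state (and its state ID) stays valid while a login is in progress; keep it short, but long enough for users to finish authenticating.` and add that the value must be a positive integer.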
diff --git a/lib/SimpleSAML/Auth/State.php b/lib/SimpleSAML/Auth/State.php
index 635881225f2f27b373031e06a04bf4adb743512a..c1bfdb6302f4bdad3edccd3c4af4c58518bce697 100644
--- a/lib/SimpleSAML/Auth/State.php
+++ b/lib/SimpleSAML/Auth/State.php
@@ -79,6 +79,12 @@ class SimpleSAML_Auth_State {
 	const EXCEPTION_PARAM = 'SimpleSAML_Auth_State_exceptionId';
 
 
+	/**
+	 * State timeout.
+	 */
+	private static $stateTimeout = NULL;
+
+
 	/**
 	 * Retrieve the ID of a state array.
 	 *
@@ -108,6 +114,21 @@ class SimpleSAML_Auth_State {
 	}
 
 
+	/**
+	 * Retrieve state timeout.
+	 *
+	 * @return integer  State timeout.
+	 */
+	private static function getStateTimeout() {
+		if (self::$stateTimeout === NULL) {
+			$globalConfig = SimpleSAML_Configuration::getInstance();
+			self::$stateTimeout = $globalConfig->getInteger('session.state.timeout', 60*60);
+		}
+
+		return self::$stateTimeout;
+	}
+
+
 	/**
 	 * Save the state.
 	 *
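Review bot: `getStateTimeout()` accepts any integer from `session.state.timeout`, so zero or a negative value is cached and later passed to `$session->setData()` as the state lifetime. How `setData()` treats such a timeout is not visible in this diff, but a misconfigured value could make every saved state expire at once. I would check the value right after the `getInteger()` call, e.g. `if (self::$stateTimeout <= 0) { throw new Exception('session.state.timeout must be a positive number of seconds.'); }`. The docblocks here and on `$stateTimeout` could also state that the unit is seconds, that `NULL` means "not loaded yet", and that the value is cached in a static property after the first call.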
@@ -133,7 +154,7 @@ class SimpleSAML_Auth_State {
 		/* Save state. */
 		$serializedState = serialize($state);
 		$session = SimpleSAML_Session::getInstance();
-		$session->setData('SimpleSAML_Auth_State', $id, $serializedState, 60*60);
+		$session->setData('SimpleSAML_Auth_State', $id, $serializedState, self::getStateTimeout());
 
 		SimpleSAML_Logger::debug('Saved state: ' . var_export($return, TRUE));