diff --git a/api.php b/api.php
index ced2072..239a44f 100644
--- a/api.php
+++ b/api.php
@@ -3,6 +3,13 @@ require __DIR__ . '/required.php';
 header("Content-Type: application/json");
+// Oldest session allowed
+$session_min_date = date("Y-m-d H:i:s", strtotime("-" . SESSION_EXPIRE_MINUTES . " minutes"));
+// Delete old sessions
+$old_sessions = $database->select("sessions", "sid", ["timestamp[<]" => $session_min_date]);
+$database->delete("scrambled_answers", ["sid" => $old_sessions]);
+$database->delete("sessions", ["sid" => $old_sessions]);
+
 switch ($VARS['action']) {
 case "ping":
 $out = ["status" => "OK", "pong" => true];
diff --git a/settings.template.php b/settings.template.php
index 5653230..51225e9 100644
--- a/settings.template.php
+++ b/settings.template.php
@@ -11,4 +11,7 @@ define("DB_NAME", "captcheck");
 define("DB_SERVER", "localhost");
 define("DB_USER", "");
 define("DB_PASS", "");
-define("DB_CHARSET", "utf8");
\ No newline at end of file
+define("DB_CHARSET", "utf8");
+
+// Sessions more than this many minutes old will be automatically deleted.
+define("SESSION_EXPIRE_MINUTES", 30);
\ No newline at end of file
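Review bot: Both `delete` calls in the api.php hunk run even when `$old_sessions` is an empty array, which will be the usual case. Depending on how the database wrapper renders an empty list in a WHERE clause, that is either a failing `IN ()` statement or a wider match than intended, so the two calls should sit inside `if (!empty($old_sessions)) { ... }`. The purge is also placed above the `switch`, so every request, including a bare `ping`, costs one SELECT and two DELETEs; deleting on the timestamp condition directly, or purging on only a fraction of requests, would bound that cost. The `date()` cutoff is computed in PHP's timezone and presumably has to match whatever writes `sessions.timestamp`, which is not visible here. The `switch` continues outside the hunk.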
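Review bot: `SESSION_EXPIRE_MINUTES` is added only to the template, so a deployment whose settings file predates this commit (assuming settings are copied from `settings.template.php`) reaches the new code in `api.php` without the constant. On PHP 8 an undefined constant is a fatal Error on every API call; on PHP 7 it is a warning that may be printed into the JSON response and, most likely, a cutoff that `strtotime` cannot parse, so no session is ever purged. A fallback where settings are loaded, such as `if (!defined("SESSION_EXPIRE_MINUTES")) { define("SESSION_EXPIRE_MINUTES", 30); }`, together with a check that the value is a positive integer, would keep expiry enforced. The comment could also say that expiry is applied only when the API is next called, for example `// Sessions older than this many minutes are purged on the next API request.`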