diff --git a/bin/web/module.js b/bin/web/module.js
index 494c848..1c33030 100644
--- a/bin/web/module.js
+++ b/bin/web/module.js
@@ -100,6 +100,17 @@ methods.start = () => {
 }
 app.use(session_handler(session_options));
+ // login timeout, clear on all requests
+ app.use((req, res, next) => {
+ if(req.session && req.session.user && req.session.user.login_timeout) {
+ if(Date.now() > req.session.user.login_timeout + cfg.web.loginTimeout * 1000) {
+ res.clearCookie('RememberMe');
+ req.session.destroy();
+ }
+ }
+ next();
+ })
+ // web routes
 let mRoutes = require(global['__dirname']+'/bin/web/routes/static');
 let mainRoutes = await mRoutes.getRoutes();
diff --git a/bin/web/routes/api/login.js b/bin/web/routes/api/login.js
index 00aaef5..d20552e 100644
--- a/bin/web/routes/api/login.js
+++ b/bin/web/routes/api/login.js
@@ -27,15 +27,6 @@ module.exports = {
 }));
 }
- if(Date.now() > req.session.user.loginTimeout + cfg.web.loginTimeout) {
- res.clearCookie('RememberMe');
- req.session.destroy();
- return res.type('json').status(401).end(JSON.stringify({
- status: 401,
- message: 'msg.auth.login.failed'
- }));
- }
- let mfa = sanitize(req.body.mfa);
 user = await db.getUser(req.session.user.id);
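Review bot: After an expired session is destroyed, the new middleware in bin/web/module.js still falls through to `next()`, so the request carries on into the route handlers without a session, whereas the check this commit removes from login.js answered 401 at that point. The login.js context line `user = await db.getUser(req.session.user.id);` would then dereference a missing session unless an earlier guard outside the hunk catches it. Consider ending the request in the middleware, or at least waiting for the session store to finish, e.g. `return req.session.destroy(() => next());` if session_handler is express-session. The guard also reads `login_timeout` where the removed code read `loginTimeout`; a session that lacks the new field skips the expiry check entirely, so confirm that the login path sets it. The enclosing `methods.start` body begins and ends outside the hunk.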