diff --git a/backend/open_webui/routers/auths.py b/backend/open_webui/routers/auths.py
index 721a4069d4..88176b188d 100644
--- a/backend/open_webui/routers/auths.py
+++ b/backend/open_webui/routers/auths.py
@@ -117,6 +117,7 @@ def create_session_response(request: Request, user, db, response: Response = Non
 if set_cookie and response:
 datetime_expires_at = datetime.datetime.fromtimestamp(expires_at, datetime.timezone.utc) if expires_at else None
+ max_age = int(expires_delta.total_seconds()) if expires_delta else None
 response.set_cookie(
 key='token',
 value=token,
@@ -124,6 +125,7 @@ def create_session_response(request: Request, user, db, response: Response = Non
 httponly=True,
 samesite=WEBUI_AUTH_COOKIE_SAME_SITE,
 secure=WEBUI_AUTH_COOKIE_SECURE,
+ **({'max_age': max_age} if max_age is not None else {}),
 )
 user_permissions = get_permissions(user.id, request.app.state.config.USER_PERMISSIONS, db=db)
@@ -181,6 +183,7 @@ async def get_session_user(
 )
 # Set the cookie token
+ max_age = int(expires_at - time.time()) if expires_at else None
 response.set_cookie(
 key='token',
 value=token,
@@ -188,6 +191,7 @@ async def get_session_user(
 httponly=True, # Ensures the cookie is not accessible via JavaScript
 samesite=WEBUI_AUTH_COOKIE_SAME_SITE,
 secure=WEBUI_AUTH_COOKIE_SECURE,
+ **({'max_age': max_age} if max_age is not None else {}),
 )
 user_permissions = get_permissions(user.id, request.app.state.config.USER_PERMISSIONS, db=db)
diff --git a/backend/open_webui/utils/oauth.py b/backend/open_webui/utils/oauth.py
index 202dd42d4a..cfe7c429e5 100644
--- a/backend/open_webui/utils/oauth.py
+++ b/backend/open_webui/utils/oauth.py
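Review bot: The `**({'max_age': max_age} if max_age is not None else {})` line in the second hunk is indirection the call does not need: Starlette's `Response.set_cookie` already defaults `max_age` to None and omits the attribute in that case, so `max_age=max_age,` is equivalent and reads as an ordinary keyword argument. The same construct is repeated in the `get_session_user` hunk below and in every oauth.py hunk, so one simplification applies to all of them. The `create_session_response` body begins before the first hunk and continues past the second.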
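Review bot: In the `get_session_user` hunk, `max_age = int(expires_at - time.time()) if expires_at else None` yields 0 or a negative number whenever `expires_at` is not strictly in the future at this point, and a browser treats Max-Age ≤ 0 as an instruction to delete the cookie immediately, while the same token is presumably still returned in the response body. `int()` also truncates toward zero, so a token with under a second left produces 0. If `expires_at` comes from a token minted just above (outside the hunk) the window is tiny, but falling back to a session cookie in that case, `max_age = int(expires_at - time.time()) if expires_at and expires_at > time.time() else None`, avoids the cookie vanishing under the user. `create_session_response` derives the same value from `expires_delta` instead, so the two paths can disagree slightly on cookie lifetime; a one-line comment saying which one is authoritative would help the next reader.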
@@ -1533,6 +1533,10 @@ class OAuthManager:
 response = RedirectResponse(url=redirect_url, headers=response.headers)
+ # Compute cookie expiry from JWT lifetime
+ expires_delta = parse_duration(auth_manager_config.JWT_EXPIRES_IN)
+ cookie_max_age = int(expires_delta.total_seconds()) if expires_delta else None
+
 # Set the cookie token
 # Redirect back to the frontend with the JWT token
 response.set_cookie(
@@ -1541,6 +1545,7 @@ class OAuthManager:
 httponly=False, # Required for frontend access
 samesite=WEBUI_AUTH_COOKIE_SAME_SITE,
 secure=WEBUI_AUTH_COOKIE_SECURE,
+ **({'max_age': cookie_max_age} if cookie_max_age is not None else {}),
 )
 # Legacy cookies for compatibility with older frontend versions
@@ -1551,6 +1556,7 @@ class OAuthManager:
 httponly=True,
 samesite=WEBUI_AUTH_COOKIE_SAME_SITE,
 secure=WEBUI_AUTH_COOKIE_SECURE,
+ **({'max_age': cookie_max_age} if cookie_max_age is not None else {}),
 )
 try:
@@ -1588,6 +1594,7 @@ class OAuthManager:
 httponly=True,
 samesite=WEBUI_AUTH_COOKIE_SAME_SITE,
 secure=WEBUI_AUTH_COOKIE_SECURE,
+ **({'max_age': cookie_max_age, 'expires': cookie_expires} if cookie_max_age is not None else {}),
 )
 log.info(f'Stored OAuth session server-side for user {user.id}, provider {provider}')
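Review bot: Adding `max_age` to the `token` cookie in the second hunk (the one set with `httponly=False, # Required for frontend access`) turns it from a browser-session cookie into one persisted to disk for the full `JWT_EXPIRES_IN` lifetime, unless the unchanged part of that call already passes `expires=`, which this diff does not show. For a cookie that is deliberately readable from JavaScript that is a change in exposure on shared machines and deserves a sentence in the commit message plus a comment next to `cookie_max_age`, e.g. `# Cookie lifetime tracks JWT_EXPIRES_IN; None (no expiry configured) keeps a session cookie`. The `if expires_delta` guard already covers the None case from `parse_duration`. The enclosing method starts before the first hunk.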
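Review bot: The last hunk unpacks `'expires': cookie_expires` in addition to `max_age`, but `cookie_expires` is not assigned anywhere in this diff; it may be defined in the unchanged lines between the third and fourth hunks, and if that `set_cookie` call already passes `expires=cookie_expires` as a plain keyword, the unpacking raises `TypeError: set_cookie() got multiple values for keyword argument 'expires'` on every OAuth login. The other two calls in this file set only `max_age`, so the asymmetry looks unintended; `**({'max_age': cookie_max_age} if cookie_max_age is not None else {}),` matches them. The enclosing method and the `try:` block opened in the third hunk continue outside the hunk.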