diff --git a/cas.admin.inc b/cas.admin.inc
index b721d74..f99cd31 100644
--- a/cas.admin.inc
+++ b/cas.admin.inc
@@ -226,6 +226,14 @@ function cas_admin_settings() {
     ),
     '#description' => t('This implements the') . ' <a href="https://wiki.jasig.org/display/CAS/gateway">Gateway feature</a> ' . t('of the CAS Protocol.') . ' <strong>WARNING:</strong> ' . t('Enabling it at all will') . ' <em>' . t('completely disable page caching') . '</em>' . t(', and will prevent users from logging out locally unless also logged out of CAS. Setting it to "Always" will perform redirects on EVERY page load unless the user is already logged in, and is not recommended in most circumstances.'),
   );
+  
+  $form['server']['cas_expired_threshold'] = array(
+    '#type' => 'select',
+    '#title' => t('CAS Tickets Expire Every'),
+    '#default_value' => variable_get('cas_expired_threshold', CAS_EXPIRED_DEFAULT_THRESHOLD),
+    '#options' => array(0 => t('Never')) + drupal_map_assoc(array(3600, 10800, 21600, 43200, 86400, 604800), 'format_interval'),
+    '#description' => t('Force logout of Drupal users after specified time has occurred, should match CAS server\'s expiration of CAS tickets.'),
+  );
 
   $form['pages']['cas_access'] = array(
     '#type' => 'radios',
diff --git a/cas.module b/cas.module
index 0f67f49..3c2735c 100644
--- a/cas.module
+++ b/cas.module
@@ -20,6 +20,7 @@ define('CAS_EXCLUDE', 'services/*');
 define('CAS_CHECK_NEVER', -2);
 define('CAS_CHECK_ONCE', -1);
 define('CAS_CHECK_ALWAYS', 0);
+define('CAS_EXPIRED_DEFAULT_THRESHOLD', 0);
 
 /**
  * Implements hook_init().
@@ -1331,3 +1332,31 @@ function _cas_redirect_after_login($cas_first_login) {
     }
   }
 }
+
+/**
+ * Implements hook_cron().
+ */
+function cas_cron() {
+  _cas_delete_expired_sessions();
+}
+
+/**
+ * Remove expired CAS tickets and Drupal sessions, which logs user out of Drupal.
+ * This is based on the set CAS expiration threshold.
+ */
+function _cas_delete_expired_sessions() {
+  $threshold = variable_get('cas_expired_threshold', CAS_EXPIRED_DEFAULT_THRESHOLD);
+  if ($threshold) {
+    $uids = db_query("SELECT s.uid FROM {sessions} s JOIN {cas_login_data} cld ON cld.uid = s.uid WHERE s.timestamp < :threshold", array(':threshold' => REQUEST_TIME - $threshold))->fetchCol();
+    if ($uids) {
+      db_delete('cas_login_data')
+        ->condition('uid', $uids, 'IN')
+        ->execute();
+    
+      // remove their session
+      db_delete('sessions')
+        ->condition('uid', $uids, 'IN')
+        ->execute();
+    }
+  }
+}
\ No newline at end of file