diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc
index 0d06ff2..651db71 100644
--- a/modules/user/user.pages.inc
+++ b/modules/user/user.pages.inc
@@ -112,7 +112,7 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a
   }
   else {
     // Time out, in seconds, until login URL expires. 24 hours = 86400 seconds.
-    $timeout = 86400;
+    $timeout = variable_get('user_pass_reset_timeout', 86400);
     $current = REQUEST_TIME;
     // Some redundant checks for extra security ?
     $users = user_load_multiple(array($uid), array('status' => '1'));
@@ -508,7 +508,7 @@ function user_cancel_methods() {
  */
 function user_cancel_confirm($account, $timestamp = 0, $hashed_pass = '') {
   // Time out in seconds until cancel URL expires; 24 hours = 86400 seconds.
-  $timeout = 86400;
+  $timeout = variable_get('user_cancel_timeout', 86400);
   $current = REQUEST_TIME;
 
   // Basic validation of arguments.
diff --git a/modules/user/user.test b/modules/user/user.test
index 6ecbfac..cd1d82e 100644
--- a/modules/user/user.test
+++ b/modules/user/user.test
@@ -567,7 +567,7 @@ class UserCancelTestCase extends DrupalWebTestCase {
     $this->assertTrue($account->status == 1, t('User account was not canceled.'));
 
     // Attempt expired account cancellation request confirmation.
-    $bogus_timestamp = $timestamp - 86400 - 60;
+    $bogus_timestamp = $timestamp - variable_get('user_cancel_timeout', 86400) - 60;
     $this->drupalGet("user/$account->uid/cancel/confirm/$bogus_timestamp/" . user_pass_rehash($account->pass, $bogus_timestamp, $account->login));
     $this->assertText(t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'), t('Expired cancel account request rejected.'));
     $accounts = user_load_multiple(array($account->uid), array('status' => 1));