diff --git a/lib/session.php b/lib/session.php
index 2ee7802dafce234fedd6c81c7e6a8cb7c0fec572..135d299341a228a958c1f07ac8eaca9403e53fb6 100644
--- a/lib/session.php
+++ b/lib/session.php
@@ -25,6 +25,7 @@ public	$token='';		// session identifier
 public  $logintime='';  // Time which user last gave us credentials
 public	$lastseen='';		// Time of last page request
 private	$timeout = 2880;	// Idle timeout limit in minutes (session deleted), 2880 == 48 hours
+private $anonymous_timeout = 120; // Idle timeout limit for sessions which aren't logged in (set lower to stop the session table getting swamped)
 private $secure_timeout = 30;   // Idle timeout limit in minutes (consider session less secure, require reauth for sensitive ops)
 private $max_session_length = 11520; // maximum length of a session, 11520 == 8 days
 private	$table = "session";	// session storage table (const)
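Review bot: The comment on the new `$anonymous_timeout` property leaves out the unit, while the neighbouring `$timeout` and `$secure_timeout` comments both say "in minutes", and the purge query later in this commit interpolates the value as minutes. It also does not say what counts as "not logged in"; that query uses `username IS NULL`, so the comment should state it, e.g. `// Idle timeout limit in minutes for sessions with no username (not logged in); kept low to stop the session table getting swamped`. If anonymous rows can carry an empty-string username instead of NULL (the schema is not visible here), they would only expire after the 2880-minute `$timeout` and the table could still fill up, so this is worth confirming against the table definition.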
@@ -82,8 +83,9 @@ private $datahash='';		// hash of data field
 
 		// Time out any old sessions
 		$DB->Execute(
-			"delete from {$this->table} where lastseen < NOW() - '{$this->timeout} minutes'::reltime".
-			"or logintime < NOW() - '{$this->max_session_length} minutes'::reltime"
+			"delete from {$this->table} where lastseen < NOW() - '{$this->timeout} minutes'::reltime ".
+			"or logintime < NOW() - '{$this->max_session_length} minutes'::reltime ".
+			"or (username IS NULL AND lastseen < NOW() - '{$this->anonymous_timeout} minutes'::reltime)"
 		);