diff --git a/beego.go b/beego.go
index d4b1cacf4571efa9874df3aafc5d23ee2f1368fd..f6bf521c1f72da76a3fd5bc0e09976bada3f1b0c 100644
--- a/beego.go
+++ b/beego.go
@@ -46,6 +46,7 @@ var (
 ErrorsShow bool //set weather show errors
 XSRFKEY string //set XSRF
 EnableXSRF bool
+ XSRFExpire int
 CopyRequestBody bool //When in raw application, You want to the reqeustbody
 )
 
@@ -76,6 +77,7 @@ func init() {
 HttpServerTimeOut = 0
 ErrorsShow = true
 XSRFKEY = "beegoxsrf"
+ XSRFExpire = 60
 ParseConfig()
 }
 
diff --git a/config.go b/config.go
index bc6a6b2d75635180a482663bac58c46da310db45..91195ceaddf021c609b59fb9dee598b0baafb9bc 100644
--- a/config.go
+++ b/config.go
@@ -195,6 +195,9 @@ func ParseConfig() (err error) {
 if enablexsrf, err := AppConfig.Bool("enablexsrf"); err == nil {
 EnableXSRF = enablexsrf
 }
+ if expire, err := AppConfig.Int("xsrfexpire"); err == nil {
+ XSRFExpire = expire
+ }
 }
 return nil
 }
diff --git a/controller.go b/controller.go
index 53a5497c3337bb41d816a88cc611428f151174e7..6983b71dba5224daae2b94028b74d70e8c8a5264 100644
--- a/controller.go
+++ b/controller.go
@@ -35,6 +35,7 @@ type Controller struct {
 _xsrf_token string
 gotofunc string
 CruSession session.SessionStore
+ XSRFExpire int
 }
 
 type ControllerInterface interface {
@@ -353,7 +354,13 @@ func (c *Controller) XsrfToken() string {
 fmt.Fprintf(h, "%s:%d", c.Ctx.Request.RemoteAddr, time.Now().UnixNano())
 tok := fmt.Sprintf("%s:%d", h.Sum(nil), time.Now().UnixNano())
 token = base64.URLEncoding.EncodeToString([]byte(tok))
- c.Ctx.SetCookie("_xsrf", token)
+ expire := 0
+ if c.XSRFExpire > 0 {
+ expire = c.XSRFExpire
+ } else {
+ expire = XSRFExpire
+ }
+ c.Ctx.SetCookie("_xsrf", token, expire)
 }
 c._xsrf_token = token
 }
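Review bot: `XSRFExpire` is declared in the var block without a comment, and nothing in the diff states its unit, although the neighbouring settings are annotated. The value ends up as the third argument of `c.Ctx.SetCookie` in controller.go; if that argument is a lifetime in seconds (SetCookie is not shown here), the default `XSRFExpire = 60` set in the init() hunk of this file means the `_xsrf` cookie disappears a minute after the page was rendered and any slower form submit will fail the XSRF check. I would add a trailing comment such as `XSRFExpire int // lifetime of the _xsrf cookie as passed to SetCookie; 0 or less: see XsrfToken` with the unit named once confirmed, and pick a default that matches how long forms are expected to stay open.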
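Review bot: The `xsrfexpire` value read in ParseConfig is stored without any range check, so a negative number in the config file becomes the package-level `XSRFExpire`. XsrfToken falls back to that package value whenever the controller field is not positive, so it reaches `SetCookie` unchanged and its effect depends on how SetCookie treats a negative lifetime. A guard like `if expire, err := AppConfig.Int("xsrfexpire"); err == nil && expire >= 0 {` keeps such values out; a value that fails to parse is also dropped silently, which matches the neighbouring options but hides typos. ParseConfig and the enclosing block start outside this hunk.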
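Review bot: The new exported field `XSRFExpire` on Controller is undocumented and shares its name with the package-level variable, so inside methods `c.XSRFExpire` and `XSRFExpire` are easy to confuse. From the XsrfToken hunk, the field only takes effect when it is greater than zero, which also means a controller cannot select 0 while the package default is positive. I would state that on the field: `XSRFExpire int // per-controller lifetime of the _xsrf cookie; values <= 0 fall back to the package-level XSRFExpire`.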
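Review bot: The lifetime selected in XsrfToken is applied only as a cookie attribute, so it is enforced by the browser and not by the server. If `XSRFExpire` is meant to bound how long a token stays valid, the validation path (not in this diff) would also need to reject tokens older than the same value; the timestamp written into `tok` is a separate `time.Now()` call from the one fed into `h`, so whether it can be trusted for that should be checked there. On style, `expire := 0` is never read because both branches assign it; `expire := XSRFExpire` followed by `if c.XSRFExpire > 0 { expire = c.XSRFExpire }` says the same in two lines. XsrfToken begins before this hunk.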