diff --git a/server/api/helcim/customer.post.js b/server/api/helcim/customer.post.js
index 3e8c7ee..42d266d 100644
--- a/server/api/helcim/customer.post.js
+++ b/server/api/helcim/customer.post.js
@@ -106,7 +106,7 @@ export default defineEventHandler(async (event) => {
         helcimCustomerId: customerData.id 
       },
       config.jwtSecret,
-      { expiresIn: '24h' }
+      { expiresIn: '7d' }
     )
 
     // Set the session cookie server-side
@@ -114,7 +114,7 @@ export default defineEventHandler(async (event) => {
       httpOnly: true,
       secure: process.env.NODE_ENV === 'production',
       sameSite: 'lax',
-      maxAge: 60 * 60 * 24, // 24 hours
+      maxAge: 60 * 60 * 24 * 7, // 7 days (matches verify.get.js and refresh.post.js)
       path: '/',
       domain: undefined // Let browser set domain automatically
     })