diff --git a/app/javascript/controllers/notification_controller.js b/app/javascript/controllers/notification_controller.js
index e0291ce..9e09dc4 100644
--- a/app/javascript/controllers/notification_controller.js
+++ b/app/javascript/controllers/notification_controller.js
@@ -4,6 +4,10 @@ export default class extends Controller {
   static targets = ["buttons", "countdown"]
 
   connect() {
+    // Devise timeoutable ends up adding a second flash message without content
+    // TODO investigate bug
+    if (this.element.textContent.trim() == "true") return;
+
     const timeoutSeconds = parseInt(this.data.get("timeout"));
 
     setTimeout(() => {
diff --git a/app/models/user.rb b/app/models/user.rb
index 5734369..a718f36 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -38,7 +38,8 @@ class User < ApplicationRecord
   devise :ldap_authenticatable,
          :confirmable,
          :recoverable,
-         :validatable
+         :validatable,
+         :timeoutable
 
   def ldap_before_save
     self.email = Devise::LDAP::Adapter.get_ldap_param(self.cn, "mail").first
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 3b0ffeb..e1df960 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -210,7 +210,7 @@ Devise.setup do |config|
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
   # time the user will be asked for credentials again. Default is 30 minutes.
-  # config.timeout_in = 30.minutes
+  config.timeout_in = 24.hours
 
   # ==> Configuration for :lockable
   # Defines which strategy will be used to lock an account.