diff --git a/cmd/rdpgw/web/session.go b/cmd/rdpgw/web/session.go
index fca4bc92b10299b3dd82b33eac587937dd73f430..be79db76e2099c4146647605de0289f1742e42f4 100644
--- a/cmd/rdpgw/web/session.go
+++ b/cmd/rdpgw/web/session.go
@@ -9,9 +9,10 @@ import (
 )
 
 const (
-	rdpGwSession = "RDPGWSESSION"
-	MaxAge       = 120
-	identityKey  = "RDPGWID"
+	rdpGwSession     = "RDPGWSESSION"
+	MaxAge           = 120
+	identityKey      = "RDPGWID"
+	maxSessionLength = 8192
 )
 
 var sessionStore sessions.Store
@@ -26,7 +27,13 @@ func InitStore(sessionKey []byte, encryptionKey []byte, storeType string) {
 
 	if storeType == "file" {
 		log.Println("Filesystem is used as session storage")
-		sessionStore = sessions.NewFilesystemStore(os.TempDir(), sessionKey, encryptionKey)
+		fs := sessions.NewFilesystemStore(os.TempDir(), sessionKey, encryptionKey)
+
+		// set max length
+		log.Printf("Setting maximum session storage to %d bytes", maxSessionLength)
+		fs.MaxLength(maxSessionLength)
+
+		sessionStore = fs
 	} else {
 		log.Println("Cookies are used as session storage")
 		sessionStore = sessions.NewCookieStore(sessionKey, encryptionKey)