diff --git a/account/middleware.py b/account/middleware.py
new file mode 100644
index 0000000..7024225
--- /dev/null
+++ b/account/middleware.py
@@ -0,0 +1,24 @@
+# coding=utf-8
+import time
+import json
+import urllib
+from django.http import HttpResponseRedirect, HttpResponse
+from django.contrib import auth
+from utils.shortcuts import error_response, error_page
+from .models import ADMIN
+
+
+class SessionSecurityMiddleware(object):
+ def process_request(self, request):
+ if request.user.is_authenticated() and request.user.admin_type >= ADMIN:
+ if "last_activity" in request.session:
+ # 24个小时没有活动
+ if time.time() - request.session["last_activity"] >= 24 * 60 * 60:
+ auth.logout(request)
+ if request.is_ajax():
+ return HttpResponse(json.dumps({"code": 1, "data": u"请先登录"}),
+ content_type="application/json")
+ else:
+ return HttpResponseRedirect("/login/?__from=" + urllib.quote(request.build_absolute_uri()))
+ # 更新最后活动日期
+ request.session["last_activity"] = time.time()
diff --git a/oj/settings.py b/oj/settings.py
index 2e86e75..83d49ef 100644
--- a/oj/settings.py
+++ b/oj/settings.py
@@ -71,7 +71,8 @@ MIDDLEWARE_CLASSES = (
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.middleware.security.SecurityMiddleware',
- 'admin.middleware.AdminRequiredMiddleware'
+ 'admin.middleware.AdminRequiredMiddleware',
+ 'account.middleware.SessionSecurityMiddleware'
 )
 
 ROOT_URLCONF = 'oj.urls'
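Review bot: The post-timeout redirect in `process_request` puts `request.build_absolute_uri()` into `__from`, so the return target carries a scheme and host derived from the request rather than just a path. The login view is not part of this diff, but if it redirects to `__from` as given it has to accept absolute URLs, which makes an off-site return target harder to rule out. Passing a relative path keeps that check simple: `return HttpResponseRedirect("/login/?__from=" + urllib.quote(request.get_full_path()))`, with the login view rejecting any value that has a scheme or netloc. The idle limit would also be easier to audit as a named setting than as `24 * 60 * 60` inline.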