diff --git a/form.php b/form.php
index 3e73626..63c957d 100644
--- a/form.php
+++ b/form.php
@@ -546,6 +546,9 @@ class csrf
   public $field = "CSRF_TOKEN";
   /** The created token */
   private $csrfToken = "";
+  /** Timeout of the CSRF token : 3600s by default (maximum time allowed to
+      enter information in form and submit) */
+  private $csrfTimeout = 3600;
   /** This function return the token */
   public function createToken ()
@@ -557,6 +560,7 @@ class csrf
           ++$i);
     $this->csrfToken = $s;
     $_SESSION["domframework"]["form"]["csrf"] = $this->csrfToken;
+    $_SESSION["domframework"]["form"]["csrfStart"] = microtime (TRUE);
   }
   /** Check if the provided token is the right token, defined last displayed
@@ -569,6 +573,9 @@ class csrf
       throw new Exception (_("No previous CSRF token : abort"));
     if ($_SESSION["domframework"]["form"]["csrf"] !== $tokenFromUser)
       throw new Exception (_("Invalid CSRF token provided"));
+    if (($_SESSION["domframework"]["form"]["csrfStart"] + $this->csrfTimeout) < microtime (TRUE))
+      throw new Exception (_("Obsolete CSRF token provided"));
     return TRUE;
   }
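Review bot: The doc comment on the new `$csrfTimeout` property says "3600s by default", but this hunk adds no accessor, so unless a setter exists elsewhere in the class the lifetime is effectively fixed rather than a default. If it is meant to be tunable, a small setter such as `public function setCsrfTimeout ($seconds) { $this->csrfTimeout = (int) $seconds; }` would make the comment accurate; if not, reword the comment to describe what the value actually does, e.g. `/** Lifetime of a CSRF token in seconds : a token created more than this many seconds ago is rejected by the token check */`. Either way the comment should say that the limit is enforced at check time, not at creation time, since that is where the new code uses it.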
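Review bot: The new expiry check reads `$_SESSION["domframework"]["form"]["csrfStart"]` without testing that the key exists, so a session that already holds a `csrf` token created before this change never had `csrfStart` written and will raise an undefined-index notice on this line; null then coerces to 0 in the addition and the token is rejected, which is the safe outcome, but it depends on that coercion and produces log noise. The preceding "No previous CSRF token" guard is outside the hunk and, from what is visible, appears to test only the `csrf` key. Fold the presence test into the new condition so a missing start time is rejected explicitly: `if (!isset ($_SESSION["domframework"]["form"]["csrfStart"]) ||` / `    ($_SESSION["domframework"]["form"]["csrfStart"] + $this->csrfTimeout) < microtime (TRUE))`. The enclosing check method starts outside the hunk.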