diff --git a/cmd/auth-rpc-client.go b/cmd/auth-rpc-client.go
index dbaaaee3e..cb956d701 100644
--- a/cmd/auth-rpc-client.go
+++ b/cmd/auth-rpc-client.go
@@ -59,7 +59,7 @@ type RPCLoginReply struct {
 
 // Validates if incoming token is valid.
 func isRPCTokenValid(tokenStr string) bool {
-	jwt, err := newJWT(defaultTokenExpiry) // Expiry set to 100yrs.
+	jwt, err := newJWT(defaultInterNodeJWTExpiry)
 	if err != nil {
 		errorIf(err, "Unable to initialize JWT")
 		return false
diff --git a/cmd/controller-handlers.go b/cmd/controller-handlers.go
index b20c1f2d5..75d819192 100644
--- a/cmd/controller-handlers.go
+++ b/cmd/controller-handlers.go
@@ -28,7 +28,7 @@ var errServerVersionMismatch = errors.New("Server versions do not match.")
 
 // Login - login handler.
 func (c *controllerAPIHandlers) LoginHandler(args *RPCLoginArgs, reply *RPCLoginReply) error {
-	jwt, err := newJWT(defaultTokenExpiry)
+	jwt, err := newJWT(defaultInterNodeJWTExpiry)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/lock-rpc-server.go b/cmd/lock-rpc-server.go
index 837bc41ea..ea40429e3 100644
--- a/cmd/lock-rpc-server.go
+++ b/cmd/lock-rpc-server.go
@@ -141,7 +141,7 @@ func registerStorageLockers(mux *router.Router, lockServers []*lockServer) {
 
 // LoginHandler - handles LoginHandler RPC call.
 func (l *lockServer) LoginHandler(args *RPCLoginArgs, reply *RPCLoginReply) error {
-	jwt, err := newJWT(defaultTokenExpiry)
+	jwt, err := newJWT(defaultInterNodeJWTExpiry)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/signature-jwt.go b/cmd/signature-jwt.go
index bcf99fc31..28da1d701 100644
--- a/cmd/signature-jwt.go
+++ b/cmd/signature-jwt.go
@@ -30,11 +30,15 @@ const jwtAlgorithm = "Bearer"
 // JWT - jwt auth backend
 type JWT struct {
 	credential
+	expiry time.Duration
 }
 
-// Default each token expires in 100yrs.
 const (
-	defaultTokenExpiry time.Duration = time.Hour * 876000 // 100yrs.
+	// Default JWT token for web handlers is one day.
+	defaultJWTExpiry time.Duration = time.Hour * 24
+
+	// Inter-node JWT token expiry is 100 years.
+	defaultInterNodeJWTExpiry time.Duration = time.Hour * 24 * 365 * 100
 )
 
 // newJWT - returns new JWT object.
@@ -52,7 +56,7 @@ func newJWT(expiry time.Duration) (*JWT, error) {
 		return nil, errors.New("Invalid secret key")
 	}
 
-	return &JWT{cred}, nil
+	return &JWT{cred, expiry}, nil
 }
 
 // GenerateToken - generates a new Json Web Token based on the incoming access key.
@@ -67,7 +71,7 @@ func (jwt *JWT) GenerateToken(accessKey string) (string, error) {
 	tUTCNow := time.Now().UTC()
 	token := jwtgo.NewWithClaims(jwtgo.SigningMethodHS512, jwtgo.MapClaims{
 		// Token expires in 10hrs.
-		"exp": tUTCNow.Add(defaultTokenExpiry).Unix(),
+		"exp": tUTCNow.Add(jwt.expiry).Unix(),
 		"iat": tUTCNow.Unix(),
 		"sub": accessKey,
 	})
diff --git a/cmd/signature-jwt_test.go b/cmd/signature-jwt_test.go
index 0405f7435..0300ef389 100644
--- a/cmd/signature-jwt_test.go
+++ b/cmd/signature-jwt_test.go
@@ -108,7 +108,7 @@ func TestNewJWT(t *testing.T) {
 			serverConfig.SetCredential(*testCase.cred)
 		}
 
-		_, err := newJWT(defaultWebTokenExpiry)
+		_, err := newJWT(defaultJWTExpiry)
 
 		if testCase.expectedErr != nil {
 			if err == nil {
@@ -132,7 +132,7 @@ func TestGenerateToken(t *testing.T) {
 	}
 	defer removeAll(testPath)
 
-	jwt, err := newJWT(defaultWebTokenExpiry)
+	jwt, err := newJWT(defaultJWTExpiry)
 	if err != nil {
 		t.Fatalf("unable get new JWT, %s", err)
 	}
@@ -179,7 +179,7 @@ func TestAuthenticate(t *testing.T) {
 	}
 	defer removeAll(testPath)
 
-	jwt, err := newJWT(defaultWebTokenExpiry)
+	jwt, err := newJWT(defaultJWTExpiry)
 	if err != nil {
 		t.Fatalf("unable get new JWT, %s", err)
 	}
diff --git a/cmd/storage-rpc-server.go b/cmd/storage-rpc-server.go
index 6f347c2c0..99cc55a5a 100644
--- a/cmd/storage-rpc-server.go
+++ b/cmd/storage-rpc-server.go
@@ -40,7 +40,7 @@ type storageServer struct {
 
 // Login - login handler.
 func (s *storageServer) LoginHandler(args *RPCLoginArgs, reply *RPCLoginReply) error {
-	jwt, err := newJWT(defaultTokenExpiry)
+	jwt, err := newJWT(defaultInterNodeJWTExpiry)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/web-handlers.go b/cmd/web-handlers.go
index 976c171be..afd458a48 100644
--- a/cmd/web-handlers.go
+++ b/cmd/web-handlers.go
@@ -42,7 +42,7 @@ import (
 // isJWTReqAuthenticated validates if any incoming request to be a
 // valid JWT authenticated request.
 func isJWTReqAuthenticated(req *http.Request) bool {
-	jwt, err := newJWT(defaultWebTokenExpiry)
+	jwt, err := newJWT(defaultJWTExpiry)
 	if err != nil {
 		errorIf(err, "unable to initialize a new JWT")
 		return false
@@ -290,14 +290,9 @@ type LoginRep struct {
 	UIVersion string `json:"uiVersion"`
 }
 
-// Default JWT for minio browser expires in 24hrs.
-const (
-	defaultWebTokenExpiry time.Duration = time.Hour * 24 // 24Hrs.
-)
-
 // Login - user login handler.
 func (web *webAPIHandlers) Login(r *http.Request, args *LoginArgs, reply *LoginRep) error {
-	jwt, err := newJWT(defaultWebTokenExpiry)
+	jwt, err := newJWT(defaultJWTExpiry)
 	if err != nil {
 		return &json2.Error{Message: err.Error()}
 	}
@@ -362,7 +357,7 @@ func (web *webAPIHandlers) SetAuth(r *http.Request, args *SetAuthArgs, reply *Se
 		return &json2.Error{Message: err.Error()}
 	}
 
-	jwt, err := newJWT(defaultWebTokenExpiry) // JWT Expiry set to 24Hrs.
+	jwt, err := newJWT(defaultJWTExpiry) // JWT Expiry set to 24Hrs.
 	if err != nil {
 		return &json2.Error{Message: err.Error()}
 	}
@@ -447,7 +442,7 @@ func (web *webAPIHandlers) Download(w http.ResponseWriter, r *http.Request) {
 	object := vars["object"]
 	tokenStr := r.URL.Query().Get("token")
 
-	jwt, err := newJWT(defaultWebTokenExpiry) // Expiry set to 24Hrs.
+	jwt, err := newJWT(defaultJWTExpiry) // Expiry set to 24Hrs.
 	if err != nil {
 		errorIf(err, "error in getting new JWT")
 		return