diff --git a/src/client/ns_turn_msg.c b/src/client/ns_turn_msg.c
index f588ed8a..3ea77448 100644
--- a/src/client/ns_turn_msg.c
+++ b/src/client/ns_turn_msg.c
@@ -962,10 +962,16 @@ void stun_tid_generate_in_message_str(u08bits* buf, stun_tid* id) {
 
 /////////////////// TIME ////////////////////////////////////////////////////////
 
-u32bits stun_adjust_allocate_lifetime(u32bits lifetime) {
-  if(!lifetime) return STUN_DEFAULT_ALLOCATE_LIFETIME;
-  else if(lifetime<STUN_MIN_ALLOCATE_LIFETIME) return STUN_MIN_ALLOCATE_LIFETIME;
-  else if(lifetime>STUN_MAX_ALLOCATE_LIFETIME) return STUN_MAX_ALLOCATE_LIFETIME;
+turn_time_t stun_adjust_allocate_lifetime(turn_time_t lifetime, turn_time_t max_lifetime) {
+
+  if(!lifetime) lifetime = STUN_DEFAULT_ALLOCATE_LIFETIME;
+  else if(lifetime<STUN_MIN_ALLOCATE_LIFETIME) lifetime = STUN_MIN_ALLOCATE_LIFETIME;
+  else if(lifetime>STUN_MAX_ALLOCATE_LIFETIME) lifetime = STUN_MAX_ALLOCATE_LIFETIME;
+
+  if(max_lifetime && (max_lifetime < lifetime)) {
+  	lifetime = max_lifetime;
+  }
+
   return lifetime;
 }
 
diff --git a/src/client/ns_turn_msg.h b/src/client/ns_turn_msg.h
index d756ad06..09e29d01 100644
--- a/src/client/ns_turn_msg.h
+++ b/src/client/ns_turn_msg.h
@@ -90,7 +90,7 @@ u16bits stun_make_error_response(u16bits method);
 
 ///////////////////////////////////////////////////////////////
 
-u32bits stun_adjust_allocate_lifetime(u32bits lifetime);
+turn_time_t stun_adjust_allocate_lifetime(turn_time_t lifetime, turn_time_t max_lifetime);
 
 ///////////// STR ////////////////////////////////////////////////
 
diff --git a/src/server/ns_turn_server.c b/src/server/ns_turn_server.c
index 9574c683..aac5dc26 100644
--- a/src/server/ns_turn_server.c
+++ b/src/server/ns_turn_server.c
@@ -961,7 +961,7 @@ static int handle_turn_allocate(turn_turnserver *server,
 	} else {
 
 		u08bits transport = 0;
-		u32bits lifetime = 0;
+		turn_time_t lifetime = 0;
 		int even_port = -1;
 		int dont_fragment = 0;
 		u64bits in_reservation_token = 0;
@@ -1158,10 +1158,7 @@ static int handle_turn_allocate(turn_turnserver *server,
 				}
 			}
 
-			lifetime = stun_adjust_allocate_lifetime(lifetime);
-			if(ss->max_session_time_auth && (ss->max_session_time_auth < lifetime)) {
-				lifetime = ss->max_session_time_auth;
-			}
+			lifetime = stun_adjust_allocate_lifetime(lifetime, ss->max_session_time_auth);
 			u64bits out_reservation_token = 0;
 
 			if(inc_quota(ss, username)<0) {
@@ -1399,7 +1396,7 @@ static int handle_turn_refresh(turn_turnserver *server,
 
 	} else {
 
-		u32bits lifetime = 0;
+		turn_time_t lifetime = 0;
 		int to_delete = 0;
 		mobile_id_t mid = 0;
 		char smid[sizeof(ss->s_mobile_id)] = "\0";
@@ -1552,17 +1549,19 @@ static int handle_turn_refresh(turn_turnserver *server,
 						//Check security:
 						int postpone_reply = 0;
 
-						ns_bcopy(orig_ss->nonce,ss->nonce,sizeof(ss->nonce));
-						ss->nonce_expiration_time = orig_ss->nonce_expiration_time;
-						ns_bcopy(&(orig_ss->realm_options),&(ss->realm_options),sizeof(ss->realm_options));
-						ns_bcopy(orig_ss->username,ss->username,sizeof(ss->username));
-						ss->hmackey_set = orig_ss->hmackey_set;
-						ns_bcopy(orig_ss->hmackey,ss->hmackey,sizeof(ss->hmackey));
-						ss->oauth = orig_ss->oauth;
-						ns_bcopy(orig_ss->origin,ss->origin,sizeof(ss->origin));
-						ss->origin_set = orig_ss->origin_set;
-						ns_bcopy(orig_ss->pwd,ss->pwd,sizeof(ss->pwd));
-						ss->max_session_time_auth = orig_ss->max_session_time_auth;
+						if(!ss->hmackey_set) {
+							ns_bcopy(orig_ss->nonce,ss->nonce,sizeof(ss->nonce));
+							ss->nonce_expiration_time = orig_ss->nonce_expiration_time;
+							ns_bcopy(&(orig_ss->realm_options),&(ss->realm_options),sizeof(ss->realm_options));
+							ns_bcopy(orig_ss->username,ss->username,sizeof(ss->username));
+							ss->hmackey_set = orig_ss->hmackey_set;
+							ns_bcopy(orig_ss->hmackey,ss->hmackey,sizeof(ss->hmackey));
+							ss->oauth = orig_ss->oauth;
+							ns_bcopy(orig_ss->origin,ss->origin,sizeof(ss->origin));
+							ss->origin_set = orig_ss->origin_set;
+							ns_bcopy(orig_ss->pwd,ss->pwd,sizeof(ss->pwd));
+							ss->max_session_time_auth = orig_ss->max_session_time_auth;
+						}
 
 						if(check_stun_auth(server, ss, tid, resp_constructed, err_code, reason, in_buffer, nbh,
 								STUN_METHOD_REFRESH, &message_integrity, &postpone_reply, can_resume)<0) {
@@ -1582,10 +1581,7 @@ static int handle_turn_refresh(turn_turnserver *server,
 							if (to_delete)
 								lifetime = 0;
 							else {
-								lifetime = stun_adjust_allocate_lifetime(lifetime);
-								if(ss->max_session_time_auth && (ss->max_session_time_auth < lifetime)) {
-									lifetime = ss->max_session_time_auth;
-								}
+								lifetime = stun_adjust_allocate_lifetime(lifetime, ss->max_session_time_auth);
 							}
 
 							if (af4c && refresh_relay_connection(server, orig_ss, lifetime, 0, 0, 0,
@@ -1695,8 +1691,9 @@ static int handle_turn_refresh(turn_turnserver *server,
 
 			if (to_delete)
 				lifetime = 0;
-			else
-				lifetime = stun_adjust_allocate_lifetime(lifetime);
+			else {
+				lifetime = stun_adjust_allocate_lifetime(lifetime, ss->max_session_time_auth);
+			}
 
 			if(!af4 && !af6) {
 				af4 = af4c;