diff --git a/wp-login.php b/wp-login.php
index 04307353f3..3cda41c3ff 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -314,8 +314,17 @@ case 'postpass' :
 	require_once ABSPATH . 'wp-includes/class-phpass.php';
 	$hasher = new PasswordHash( 8, true );
 
-	// 10 days
-	setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
+	/**
+	 * Filter the life of the post password cookie.
+	 *
+	 * By default, the cookie expires 10 days from now.
+	 * To turn this into a session cookie, return 0.
+	 *
+	 * @since 3.7.0
+	 * @param int $expires The expiry time, as passed to setcookie().
+	 */
+	$expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
+	setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH );
 
 	wp_safe_redirect( wp_get_referer() );
 	exit();