diff --git a/ext/session/session.c b/ext/session/session.c
index 0ebdf51251aa1..dd780f4afd424 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -693,9 +693,18 @@ static PHP_INI_MH(OnUpdateCookieLifetime) /* {{{ */
 {
 SESSION_CHECK_ACTIVE_STATE;
 SESSION_CHECK_OUTPUT_STATE;
- if (atol(ZSTR_VAL(new_value)) < 0) {
+
+#ifdef ZEND_ENABLE_ZVAL_LONG64
+ const zend_long maxcookie = ZEND_LONG_MAX - INT_MAX - 1;
+#else
+ const zend_long maxcookie = ZEND_LONG_MAX / 2 - 1;
+#endif
+ zend_long v = (zend_long)atol(ZSTR_VAL(new_value));
+ if (v < 0) {
 php_error_docref(NULL, E_WARNING, "CookieLifetime cannot be negative");
 return FAILURE;
+ } else if (v > maxcookie) {
+ return SUCCESS;
 }
 return OnUpdateLongGEZero(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage);
 }
diff --git a/ext/session/tests/gh16290.phpt b/ext/session/tests/gh16290.phpt
new file mode 100644
index 0000000000000..d341eb47471b8
--- /dev/null
+++ b/ext/session/tests/gh16290.phpt
@@ -0,0 +1,13 @@
+--TEST--
+GH-16290 (overflow on session cookie_lifetime ini)
+--EXTENSIONS--
+session
+--SKIPIF--
+
+--FILE--
+
+--EXPECT--
+DONE
diff --git a/ext/session/tests/session_get_cookie_params_basic.phpt b/ext/session/tests/session_get_cookie_params_basic.phpt
index d34f7ccbf95c3..65b020d30b9ec 100644
--- a/ext/session/tests/session_get_cookie_params_basic.phpt
+++ b/ext/session/tests/session_get_cookie_params_basic.phpt
@@ -35,7 +35,7 @@ var_dump(session_get_cookie_params());
 echo "Done";
 ob_end_flush();
 ?>
---EXPECT--
+--EXPECTF--
 *** Testing session_get_cookie_params() : basic functionality ***
 array(6) {
 ["lifetime"]=>
@@ -69,7 +69,7 @@ array(6) {
 bool(true)
 array(6) {
 ["lifetime"]=>
- int(1234567890)
+ int(%d)
 ["path"]=>
 string(5) "/guff"
 ["domain"]=>
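Review bot: The new `else if (v > maxcookie)` branch in `OnUpdateCookieLifetime` returns `SUCCESS` without calling `OnUpdateLongGEZero` and without any diagnostic, so an over-large lifetime is reported as accepted while the stored value is left untouched; the negative branch just above warns and returns `FAILURE`. Rejecting it the same way would keep the reported and effective settings in step: `php_error_docref(NULL, E_WARNING, "CookieLifetime value too large");` followed by `return FAILURE;` (the message wording is only a suggestion). The guard also parses with `atol`, which returns a C `long`; on platforms where `long` is narrower than `zend_long` the comparison with `maxcookie` presumably can never be true, so `zend_long v = ZEND_STRTOL(ZSTR_VAL(new_value), NULL, 10);` would match the type being bounded. A short comment explaining why the limit is `ZEND_LONG_MAX - INT_MAX - 1` would also help, since the addition it protects is outside this hunk.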
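Review bot: Replacing `int(1234567890)` with `int(%d)` (and `--EXPECT--` with `--EXPECTF--` in the previous hunk of this file) means the test no longer checks that the lifetime it sets is the one `session_get_cookie_params()` returns. This looks like an accommodation for 32-bit builds, where 1234567890 is above the new `ZEND_LONG_MAX / 2 - 1` bound and would be silently ignored; the code that sets the value is outside the hunk, so that is inferred. Using a lifetime below both bounds in the test body would let the expectation stay exact, for example `int(123456789)` with the matching input value.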