diff --git a/FUTURE.md b/FUTURE.md
index f9d4980..fc96f62 100644
--- a/FUTURE.md
+++ b/FUTURE.md
@@ -3,7 +3,7 @@
 **This document tracks potential future enhancements for Bill Tracker.**
 
 **Last Updated:** 2026-05-09  
-**Current Version:** v0.19.3
+**Current Version:** v0.19.4
 
 ## How to Use This Document
 
@@ -53,31 +53,7 @@ Migrations are not atomic. If a migration fails partway through, database is lef
 - Log transaction state for debugging
 - Test with intentional failures to verify rollback
 
-### Session Token Expiry Not Enforced at Database Level
-**Priority:** CRITICAL  
-**Added:** 2026-05-08 by Neo
 
-**Description:**
-Session tokens expire in application logic but database records persist indefinitely.
-
-**Rationale:**
-- `/services/authService.js` checks `expires_at > datetime('now')` in code
-- Expired sessions accumulate in `sessions` table
-- No cleanup worker for orphaned/expired sessions
-- Risk of table bloat and potential token reuse if bugs exist
-
-**Implementation Notes:**
-- Files to modify: `/home/kaspa/.openclaw/Projects/bill-tracker/db/database.js`, `/services/cleanupService.js`
-- Estimated effort: 4 hours
-- Add:
-  - Database-level cleanup job (runs daily via admin cleanup service)
-  - SQL:
-    ```sql
-    DELETE FROM sessions WHERE expires_at < datetime('now');
-    ```
-  - Consider adding `created_at` + `last_used_at` for better cleanup targeting
-
----
 
 ### 🟠 HIGH
 
diff --git a/HISTORY.md b/HISTORY.md
index 181363c..cdb37e5 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -1,5 +1,15 @@
 # Bill Tracker — Changelog
 
+## v0.19.4
+
+### Added
+- **Session token expiry cleanup** — Expired sessions are now purged automatically on startup, every 24 hours, and per-user on login. Prevents `sessions` table bloat and potential token reuse.
+- **`created_at` column on sessions** — v0.43 migration adds `created_at` to the sessions table for better cleanup targeting.
+- **`SESSION_CLEANUP_INTERVAL_MS` env var** — Configurable cleanup interval (default 24h, max 7 days). Invalid values are rejected with a warning.
+
+### Security
+- **Input validation on `SESSION_CLEANUP_INTERVAL_MS`** — Rejects 0, negative, and >7-day values to prevent DoS via event loop starvation (Hudson finding).
+
 ## v0.19.3
 
 ### Fixed