sub CGI::Session::get_token_expiry() {
  my ( $self, $param ) = @_;
  # maybe more checks to protect against auto-vivification
  return $self->{_DATA}->{_SESSION_EXPIRE_LIST}->{$param};
}