The docs for email/password have this blurb:
rememberMe: (boolean) Override default session length (browser session) to be 30 days.
So to clarify a bit, setting rememberMe: false
(which is the default behavior) would not prevent saving the login between page loads, but instead causes the token to be invalidated after the current browser session is closed. Inversely, setting this to true
preserves the token for 30 days.