aarondl
commented
4 years ago They will conflict in that the remember me will continuously log the user back in after they're expired. This will create a jarring user experience :)
I welcome a change in the behavior. It would not be considered breaking because nobody should currently be using them together.
Above the expire middleware, there is a comment stating:
If you use both modules together, which one will take precedence? Will the user be logged out after the timeout period? Or will the user be logged out after the remember cookie expires?
This was also an issue with devise, and they chose to change it so that if a user clicks remember me, he will not be timedout.