& make sure session is destroyed after a day if remember me is not used.
Lets move this maybe into 3.7.0?
Verified it works.
Note: in order to test the
session.gc_maxlifetime change, you'll have to add
<a class='mention' href='https://github.com/ini_set'>@ini_set</a>('session.gc_divisor', 1); to make sure session GC is triggered. (I also set the lifetime to 60 so I wouldn't have to wait a day.)