- The token expiry is set to 3 days. You can redefine it using the Auth.tokenExpiracy setting. (see app/Config/default.php for example, you can override by redefining it in your very own app/Config/app.php)
- As a user trying to register or recover my account I should be told when the token will expire
Thanks for your feedback!