Either I am blind or app-advanced theme has a tiny bug.
It seems that there is a rememberMe parameter (the length of time for which the user is remembered as logged in and does not have to log in again). It is exported to params-local.php or somewhere else (can’t access code right now, sorry).
And yet the remeberMe field in the User model is hard-coded.
It is dependent on enableSession (default true ) AND enableAutoLogin (default false).
Duration will be set to 30 days if rememberMe is checked.
From User, yii\web\User | API Documentation for Yii 2.0 | Yii PHP Framework
If $enableSession is `true`:
* the identity information will be stored in session and be available in the next requests
* in case of `$duration == 0`: as long as the session remains active or till the user closes the browser
* in case of `$duration > 0`: as long as the session remains active or as long as the cookie remains valid by it's `$duration` in seconds when [$enableAutoLogin](https://www.yiiframework.com/doc/api/2.0/yii-web-user#$enableAutoLogin-detail) is set `true`.
If $enableSession is `false`:
* the `$duration` parameter will be ignored
(There may be newer versions of Advanced template)
Sorry, this topic is my misunderstanding. I have mixed up toghether:
Yii::$app->params['user.passwordResetTokenExpire'];
Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600 * 24 * 30 : 0);
These are two separate things. I was writing from my memory, without any access to the source code and somehow made “a connection” that these are two same entities. Sorry.