Also in 2.3.0:
Session length is now configurable
The default token expiration time is 7 days. Short expiration time is considered a good security practice, but might be annoying for users.