Only use session_timeout settings to control user token refreshing.
TW-40 #comment Only remember user when there is a cookie AND it belon…
TW-40 #comment Don't refresh user token when crowd_token doesn't matc…
TW-25 #comment Set session timeouts with config params
TW-25 #comment Auto refresh user tokens for everyone based on last re…
TW-25 #comment Added comment to should_remember_user?