Document how the token expiration is enforced #6
Description
It seems that the storage engine is responsible for enforcing the token expiration time; this should be documented.
The built-in MemoryStore uses setTimeout() to destroy the token after the expiration time. The Redis example in the readme uses the redis expiration system.
I'm writing a token store using MongoDB, which AFAIK doesn't have automatic expiration of records, so in my lookup method I'll need to ensure that now minus token creation time is less than passReset.expireTimeout(), and I'll need a setInterval() that deletes expired tokens.