It looks like UserDatabase.maxAuthTokensPerUser is not documented although it is important. Default value 50 can not be changed. If user has >= 51 tokens, then new tokens are silently ignored. I found this bug because of messages from users that "Remember me does not work". I think, the option is needed to change this behavior to removing oldest token and adding new token (which would be more convenient for users).