Session is not invalidated after time expires using login_for

[robertsarkozi]

login_for method takes a Duration parameter, for how long the user should be logged in, after whose expiration I'm expecting the user to not be authorized anymore. I'm trying this with one minute.

    auth.login_for(&form, std::time::Duration::from_secs(60))
        .await?;

In session/default/mod.rs this sets the auth key for that amout of time, but it seems it doesn't have effect...

    #[throws(Error)]
    fn insert_for(&self, id: i32, key: String, time: Duration) {
        let key = AuthKey {
            expires: time.as_secs() as i64,
            secret: key,
        };
        self.insert(id, key);
    }

User session keeps letting me make requests even after 1 minute has passed.

Shouldn't rocket_auth automatically invalidate the session after expiration?