I was implementing token authentication as per chapter 18 of the book. But then I realized. The tokens get saved every time a user logs in, but are never deleted, or never expire. Wouldn’t loggin in again and again cause more tokens per user to pile up in the database? What would be a nice implementation of expiring tokens? Or deleting them even?