Default the security provider uses sessions to keep the user logged in, the remember me sets a client cookie that holds the login information and will log the user in again when the session is expired. You can set the expire date for the cookie, so that users are remembered for hours, days or years. You often see it as an option for the user within the login form, but you can also set it yourself in the server action.