I just started using Ion Auth so I'm wondering whether this practice might be bad or might give problems in the future (as username will be NULL).
Also I'm wondering what the user_expire option does, is that for how long the remember me button works? Because in that case the default value of about 24 hours seems a bit short.