A question about session timeout: is the refresh token validity a global setting for the entire SuperTokens core, or something that can be modified on a recipe / tenant / session basis? In a multitenancy context, say I have one that doesn't mind long lived sessions, but one needs their users to re-authenticate daily?