Obviously, not submitting that field to the login service works but anyone can override that. Is there a way to disable this feature on the server side entirely?
One way you can do it is to register a custom request filter to override it and ensure that it's always false, e.g.:
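    // In your AppHost's Configure(): force RememberMe off for every
    // Authenticate request, regardless of what the client submits.
    RegisterTypedRequestFilter<Authenticate>((req, res, dto) =>
    {
        dto.RememberMe = false;
    });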