63
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 17 Feb 2026
63 points (95.7% liked)
Asklemmy
53102 readers
350 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 6 years ago
MODERATORS
I believe that it's specified in the architectural reference framework that it has to re-validate every session, to ensure that the token hasn't been revoked. I'd be happy to be corrected, though!
@yelling_at_cloud@programming.dev @SirHaxalot@nord.pub @asklemmy@lemmy.ml
Exactly! This, too. I forgot to mention it in the reply I just sent to SirHaxalot. And given the GDPR "Right to be forgotten", an authorization must be revocable, so this means an authorization must be re-validated, even if this doesn't necessarily mean having to go through the age check flow all over again.