mirror of
https://github.com/Adamcake/Bolt.git
synced 2026-04-23 02:16:53 -04:00
b1bbd4b2cf
There seems to be no way to revoke a session ID, though. Revoking the originating OAuth tokens doesn't work. What happens if someone gets my session ID? Do they just have permanent access to my account now? The "legacy" login flow doesn't have this issue because its sessions are one-time use obtained on game launch instead of persisting. That seems like a far better system to me.