...
We are seeing errors where a reauthentication request succeeds, but then the client fails to get back the session (e.g. due to network error). When that happens we create a wreath reauth token and store the old token in Redis. While the client can recover by resending the old reauth token, and they will get a session, the session we send back does not include the new reauth token (we don't have it due to #2 above). We just return the old token in the session. As a result, at some point, that user will still have to authenticate when the cached reauthentication token expires from cache.
...