Comment 6 for bug 396633

Option 1: The simple fix would be to save the oauth token used for the connection and verify it on every request (or occasionally). But this would introduce some overhead in db calls. This overhead may be reduced if we memcached the oauth tokens.

Option 2: Similar to option 1: Memcache the session_ids with the related oauth token and check the sessionid on every request. When the token is removed, delete the session id associated with the token.

Option 3: Send out notifications when tokens are deleted, however there is no infrastructure to do at this time. We would also need to save the oauth token in each connection on the server and then delete it when the notification was received.