Problem statement
On lookup miss, refresh validation still scans all active legacy sessions and bcrypt-compares each hash. That’s a sensible compatibility bridge, but we can not migrate away.
Proposed solution
Add telemetry for fallback hits just error logs or something, then remove the fallback.
Alternatives considered
No response
Impact area
None
Problem statement
On lookup miss, refresh validation still scans all active legacy sessions and bcrypt-compares each hash. That’s a sensible compatibility bridge, but we can not migrate away.
Proposed solution
Add telemetry for fallback hits just error logs or something, then remove the fallback.
Alternatives considered
No response
Impact area
None