Locally validating the token is only the first step but the real deal is to know if the server still have that session token active/alive (maybe the server restarted, the session has been killed by some other admin users, etc) so a server call will most likely always be required to determine if the client token is still valid.
Currently the validateSession option must be a pure function that requires an immediate returned value but allowing the returned value to be a promise would allow server validation and fix the described problem.
Locally validating the token is only the first step but the real deal is to know if the server still have that session token active/alive (maybe the server restarted, the session has been killed by some other admin users, etc) so a server call will most likely always be required to determine if the client token is still valid.
Currently the validateSession option must be a pure function that requires an immediate returned value but allowing the returned value to be a promise would allow server validation and fix the described problem.