supertokens / supertokens-web-js

SuperTokens SDK for vanilla JS for all recipes

Session token in browser does not get deleted when account was deleted #114

Closed DenisKnecht02 closed 4 months ago

DenisKnecht02 commented 4 months ago

🐛 Bug Report

I guess it is not a serious issue/bug, but I noticed that in my frontend application (using v0.12.0) the retrieved session token (via Session.getAccessToken) still has the "old" token, although the corresponding account was deleted.

It should be easy to reproduce:

rishabhpoddar commented 4 months ago

Session is stateless, so deleting an account in offline mode doesn't remove the tokens on the frontend. Instead, the next session refresh will fail, and the user will be logged out then. If you have made a self-serve delete flow, where the frontend is calling an API in which you call the delete function, you can also call session.revokeSession and then that will clear the tokens immediately on the frontend.
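
The self-serve delete flow described in the reply above, sketched as an added example; it is not code from this thread or from the SuperTokens project. It assumes an Express-style route behind supertokens-node's `verifySession()` middleware (so `req.session` is the verified session object) and takes `deleteUser` as an injected dependency; the factory name and the route path in the comment are hypothetical.

```javascript
// Added example: account deletion that also ends the caller's session, so the
// browser does not keep its tokens until the next refresh fails.
// Assumption: verifySession() has run, so req.session exposes getUserId() and
// revokeSession(). deleteUser is injected (supertokens-node exports a function
// of that name) so the handler can be exercised without a running core.
function makeDeleteAccountHandler({ deleteUser }) {
  return async function deleteAccount(req, res) {
    const userId = req.session.getUserId();

    try {
      // Delete first: if this fails, the session is left intact and the
      // user can retry while still authenticated.
      await deleteUser(userId);
    } catch (err) {
      res.status(500).json({ status: "DELETE_FAILED" });
      return;
    }

    // Revoke the session that made this request. Through the response this
    // clears the tokens held by the calling frontend straight away.
    await req.session.revokeSession();
    res.status(200).json({ status: "OK" });
  };
}

// Wiring sketch (hypothetical route path):
//   app.post("/account/delete", verifySession(),
//            makeDeleteAccountHandler({ deleteUser }));
```
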