@phoneboy @matigo Because I can't sleep[1337. And because I intend to have a play with my code when I can setup an IDE again.]: what happens to a new login attempt which tries to create a fresh authorisation token when a user hasn't previously logged out: can it succeed, is their previous authorisation token wiped out?