Implement an auto revoke user session (forced logout)

[EricEchemane]

Needed for invalidating session for

• permission and role changes
• unauthorized access detection
• password changes