Old session tokens can be used to authenticate to the application and send authenticated requests. References https://nvd.nist.gov/vuln/detail/CVE-2022-2306 https://github.com/heroiclabs/nakama/commit/ce8d3921e2acd44ef8b5e6edfe595b6df067b166 https://huntr.dev/bounties/35acf263-6db4-4310-ab27-4c3c3a53f796 https://github.com/advisories/GHSA-xv59-gc3r-rf92
