On Mon, Dec 15, 2025 at 9:28 AM Jelte Fennema-Nio <[email protected]> wrote: > To clarify: I meant the timeout as a backstop in this flow. Once the > client receives a 'R' message it should be re-authenticating ASAP. But > if it still had some messages in flight, the server can still choose > to process them during a grace period.
But it seems iffy to change authentication metadata associated with the connection halfway through a transaction, no? Am I missing something that makes that architecturally safe? --Jacob
