Do not store entire user in sessions
Everytime we change something we have to refresh all sessions e.g.:
user.DeleteAllSessionsExcept(sessionToken)
user.RefreshCache(sessionToken)We should only store if a user authenticated and then do live queries. The result would be more load on the ldap server but we wouldn't run into data inconsistent if we forget to refresh the cache once.