pub async fn find_valid(db: &Db, id: &str) -> Result<Option<Session>, Error>Expand description
Look up a session by token. Returns None if the token doesn’t
exist or the session has expired. Expiration is checked on
every call — the DB expiry column is the source of truth.
When an expired row is encountered it is deleted inline so the table doesn’t accumulate stale sessions indefinitely. The delete is best-effort; a failure to clean up doesn’t mask the “expired” verdict.