SUL3 needs some state to allow the local wiki to verify that the login on the central domain was successful. What counts as a single login attempt from the perspective of the local wiki can be multiple login attempts on the central domain (e.g. the user might type their password incorrectly at first), so this state needs to extend beyond the login state used by AuthManager (which would be discarded after a failed login attempt). We use the token store (with a URL parameter preserved across login steps) for this, but it doesn't work well because the token store is backed by memcached, which doesn't have retention guarantees. We ended up with all kinds of workarounds for data loss, which is a maintenance burden in the long term.
We should just switch from the token store to the session store for storing this kind of state. Conceptually it is a kind of session, and we already rely on the session store for AuthManager state, so this would reduce the ways in which a login can fail without introducing new ones. Logins are already the majority of session store load, though, so this would add significant extra load (instead of a local + central session, we'd now have 3 session store entries per login), and we'd need to check if that's acceptable.