32) ElixirConf 2017: Plugging the Security Holes in Your Phoenix Application

You are right, my answer assumes a single session. For multiple active sessions, you’d definitely want to architect things differently.