@whynothugo I don't think that would need to happen, quite like how checks for a file is only done when opened thanks to fds simply referring to data in a trusted environment (kernel or filesystem-daemon), the session once ~opened could be seen as trusted.

Or how for network services you don't have checks with LDAP/SSO all the time, specially when connections are kept for long periods of time.