Originally Posted by
Psycho Adelphos
In case this post was too long for everyone I decided to simplify my explanation a bit.
Lets pretend there are two people named bob and tom. bob has a graal account and wishes to share it with his good friend tom. tom then has access and everything is fine, but one day tom and bob fight. tom threatens to ruin the account and keep it afked and online 24/7 so that bob can no longer use it. bob however was quick to think ahead of time foreseeing that this might happen and sent himself a revoke request, but when he goes to try to regain access he find sadly that tom is still able to stay online with access as long as he does not log off of graal.
What my idea would do is not only remove all access from devices other than the one that sent the request, but it would also boot off any users that were online without access at that moment.
now the main concern that was pointed out was that people may just spam the revoke request to fumble up the emails, and my solution was to give it a five digit randomized code that appears when a request is sent. the code will also appear in the email so that you may identify which request is yours.
Special thanks to Bailey for helping me explain it smoother and making the idea more sound and viable overall.