I the case of the oauth WebAuthRetriever classes, revalidate_login should always
lead to an invalid session because if one of the retriever finds some authentication
data in the form, the authentication process must be runned.


Closes #3905894