Comment 1 for bug 628711

I think (1) could potentially be separate, expiring doesn't have to be *that* timely.

However, (2) *does* need to be timely since someone may be deactivating a token for a malicious user or for a security leak.

We might be able to speed this script up by having an intermediate table that holds a set of actions that must take place, which gets populated when someone a) deactivates, b) creates a token, c) regenerates a token (which is similar to the publisher's "dirty pockets" concept).

Obviously, the other cope optimisations you mention would also be useful.