Does Better Auth Support Session/Token Rotation?
In Better Auth, if a session cookie is stolen and reused in another browser, does the library provide any built-in mechanism to prevent session hijacking (like session rotation, device/IP binding, or fingerprint validation)? From what I’ve seen, there doesn’t seem to be session/token rotation for email/password authentication — could you confirm if that’s correct and suggest the recommended approach to mitigate this risk?
