Patron with no-longer-expired credentials is not revalidated when authenticating with username

[leonardr]

The following behavior was reported:

Patron has both an authorization identifier and a username.
Patron's card has expired.
Patron is unable to authenticate using either authorization identifier or username.
Patron's card is renewed.
Patron is still unable to borrow books using username.
Patron authenticates with authorization identifier and is able to borrow books.
At that point, either authorization identifier or username works for borrowing books.

I looked at the server side code and I don't see authorization identifier treated any differently from username. When a patron lacks borrowing privileges, their status is checked with the ILS every 5 seconds (rather than the default of every 12 hours) on the presumption that they are taking steps to fix their account.

It's possible that the problem is on the client side. The client has a concept of being 'logged in' which is absent on the server. This could explain the observed behavior:

On the client side, patron is "logged in" with username.
Client discovers that patron has no borrowing privileges.
On the server side, patron's borrowing privileges are restored.
But client still believes patron has no borrowing privileges.
Patron "logs out" and then "logs back in". (Whether they do this with username or authorization identifier is irrelevant.)
Now the client does a fresh check and discovers that the patron has borrowing privileges.