Code that touches a session token should become radioactive.

In a safe system, code that touches something so sensitive should isolate itself.

In today's code, that isolation has to be done by construction, by security experts at design time.

To have a system capable of working with infinite software, it will have to be antifragile; auto-isolating code that has been tainted by sensitive data.