lib/auth/default_current_user_provider looks for this request header while looking for current_user. If present, the user_id is looked up in Redis for this header’s value.
What are the use cases that make use of this ability? Google did not turn up anything.
Also, after loading a user from this header, it seems that the rest of the checks and actions (checking whether the user is suspended or inactive, updating the user’s last_seen timestamp and ip_address) are bypassed. Why is this desirable?