
[Blazor] Comments about Authentication context are inaccurate #36744

@javiercn

https://learn.microsoft.com/en-us/aspnet/core/blazor/security/?view=aspnetcore-10.0&tabs=visual-studio#server-side-blazor-authentication

Server-side Blazor apps are configured for security in the same manner as ASP.NET Core apps. For more information, see the articles under ASP.NET Core security topics.

The authentication context is only established when the app starts, which is when the app first connects to the WebSocket over a SignalR connection with the client. Authentication can be based on a cookie or some other bearer token, but authentication is managed via the SignalR hub and entirely within the circuit. The authentication context is maintained for the lifetime of the circuit. Apps periodically revalidate the user's authentication state every 30 minutes.

If the app must capture users for custom services or react to updates to the user, see ASP.NET Core server-side and Blazor Web App additional security scenarios.

This section is wrong. The app doesn't revalidate the user's authentication state every 30 minutes. That's completely made up.

The authentication context is not maintained for the lifetime of the circuit. It's maintained for the lifetime of the connection and gets re-evaluated on reconnection.
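An app that wants periodic revalidation of the kind the quoted text describes can register a provider derived from `RevalidatingServerAuthenticationStateProvider`. The following is an added example, not part of the issue or of the ASP.NET Core docs; `ISessionValidator` and `PeriodicRevalidatingAuthStateProvider` are hypothetical names, and the 30-minute interval is an app-chosen value that mirrors the figure in the quoted text.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.AspNetCore.Components.Server;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Hypothetical app service: reports whether the user's session is still valid
// (for example, the account is not disabled and the session is not revoked).
public interface ISessionValidator
{
    Task<bool> IsStillValidAsync(ClaimsPrincipal user, CancellationToken ct);
}

public sealed class PeriodicRevalidatingAuthStateProvider
    : RevalidatingServerAuthenticationStateProvider
{
    private readonly IServiceScopeFactory _scopeFactory;

    public PeriodicRevalidatingAuthStateProvider(
        ILoggerFactory loggerFactory, IServiceScopeFactory scopeFactory)
        : base(loggerFactory)
    {
        _scopeFactory = scopeFactory;
    }

    // The app chooses the interval; shorter values narrow the window in which
    // a revoked user keeps working over an already established connection.
    protected override TimeSpan RevalidationInterval => TimeSpan.FromMinutes(30);

    protected override async Task<bool> ValidateAuthenticationStateAsync(
        AuthenticationState authenticationState, CancellationToken cancellationToken)
    {
        // Use a fresh DI scope per check so scoped dependencies (such as a
        // database context) are not held open for the whole connection.
        await using var scope = _scopeFactory.CreateAsyncScope();
        var validator = scope.ServiceProvider.GetRequiredService<ISessionValidator>();

        // Returning false makes the base class replace the current user
        // with an anonymous one.
        return await validator.IsStillValidAsync(
            authenticationState.User, cancellationToken);
    }
}

// Registration in Program.cs (ISessionValidator must be registered as well):
// builder.Services.AddScoped<AuthenticationStateProvider,
//     PeriodicRevalidatingAuthStateProvider>();
```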


Status: Done
