Comment 1 for bug 319710

Guilherme Salgado (salgado) wrote :

IIRC, ensureNonce() was implemented this way for the use case described in db/oauth.py and things like http://groups.google.com/group/oauth/msg/387fdafcf0be322a, yet still preventing replay attacks. But now I have the feeling these are two conflicting use cases, so ensureNonce() won't actually prevent replay attacks if they're made less than 60 seconds after the original request, no?

Anyway, regardless of what we decide about ensureNonce(), we must start deleting nonces older than a given number of hours/days, to avoid the clashes we're seeing.
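Added example, not code from the bug report or from Launchpad's own ensureNonce(): a hypothetical in-memory nonce store that shows how the two concerns in the comment fit together. A (consumer, token, nonce) triple is rejected if it has already been recorded, request timestamps outside a skew window are rejected up front, and records older than a retention period are pruned. Pruning is only safe when the retention period is longer than the timestamp skew window, otherwise a captured request could be replayed after its record is gone; the constructor checks that invariant. All names and the 60-second and 24-hour values are assumptions for illustration.

```python
import time

# Hypothetical nonce store; not Launchpad's ensureNonce().
# TIMESTAMP_SKEW: how far an incoming oauth_timestamp may differ from the
#   server clock before the request is rejected outright.
# MAX_AGE: how long a (consumer, token, nonce) record is kept before prune()
#   deletes it, so the table does not grow without bound.
TIMESTAMP_SKEW = 60          # seconds (assumed value)
MAX_AGE = 24 * 60 * 60       # seconds (assumed value)


class NonceStore:
    def __init__(self, skew=TIMESTAMP_SKEW, max_age=MAX_AGE):
        # If records were pruned while their timestamp was still inside the
        # skew window, a captured request could be replayed after pruning.
        if max_age <= skew:
            raise ValueError("max_age must exceed the timestamp skew window")
        self.skew = skew
        self.max_age = max_age
        # (consumer_key, token_key, nonce) -> server time at which it was first seen
        self._seen = {}

    def ensure_nonce(self, consumer_key, token_key, nonce, request_timestamp, now=None):
        """Record the nonce and return True if it is fresh; return False if the
        request timestamp is outside the skew window or the nonce was already
        used with this consumer/token pair (a replay)."""
        now = time.time() if now is None else now
        if abs(request_timestamp - now) > self.skew:
            return False
        key = (consumer_key, token_key, nonce)
        if key in self._seen:
            return False
        self._seen[key] = now
        return True

    def prune(self, now=None):
        """Delete records older than max_age and return how many were removed."""
        now = time.time() if now is None else now
        stale = [k for k, seen_at in self._seen.items() if now - seen_at > self.max_age]
        for key in stale:
            del self._seen[key]
        return len(stale)

    def __len__(self):
        return len(self._seen)


if __name__ == "__main__":
    store = NonceStore()
    t0 = 1_000_000
    print(store.ensure_nonce("consumer", "token", "abc", t0, now=t0))       # fresh
    print(store.ensure_nonce("consumer", "token", "abc", t0, now=t0 + 10))  # replay
    print(store.prune(now=t0 + MAX_AGE + 1), "records pruned")
```

Because the timestamp check rejects anything older than the skew window, a nonce only needs to be remembered for as long as a request bearing it could still be accepted; keeping records for a day and then deleting them in a periodic job is more than enough, and is what stops the nonce table from accumulating clashes indefinitely.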