fix: change comment on revokeOAuth2LoginSessions

[sakai-303]

Related issue(s)

This is not an issue, but the related discussions can be found below.
https://github.com/orgs/ory/discussions/118

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got the approval (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

[alnr]

Is this correct? I don't think it is. Need to look at this in detail.

[aeneasr]

This is correct, due to a cascade delete of request_id, see also: https://github.com/orgs/ory/discussions/118

[aeneasr]

CONSTRAINT hydra_oauth2_refresh_challenge_id_fk FOREIGN KEY (challenge_id) REFERENCES public.hydra_oauth2_flow(consent_challenge_id) ON DELETE CASCADE,

[alnr]

This PR is incorrect. Revoking a login session does not revoke access tokens and also does not revoke consent!

[alnr]

It also does not revoke refresh tokens.

[alnr]

Added comment in https://github.com/orgs/ory/discussions/118

[alnr]

Revert #3858