I have service which perform remote calls for wallet deposit and withdraw operations using HTTPS - it takes from 1 to 5 seconds on server side (for visitors it can take longer despite CloudFlare CDN). It's ok when people do such operations once in a while but having 20-50 open connections per second (~100 total) to remote service doesn't look like good idea.

Still replacing session after remote call once per minute per visitor could work to save server resources. But it will allow 1 minute window for hacker.

Interesting idea nonetheless.