Validates a refresh token by checking if it is active, not revoked, not expired, not replaced, and its session is valid.