I think I’ve been able to deduce how it works.

There’s a file, request.js, that I assume is invoked every time you visit a page. If the status ban is true for a user, it requires reauthentication. That brings you to /models/user.js, wherein if that user shows as being in the Banned Users category in the authentication process, the login operation fails and emits the message “This account has had its login privileges revoked.” Users are added to the Banned Users category with the ban function.

I assume that login access is revoked even for your current session, because if it wasn’t, you could just keep your browser window going and keep on posting.

JEDIT: Er, it might just be that authentication is required when you’re trying to ban a user. If so, that makes my theory invalid.

JEDIT 2: https://github.com/jaysylvester/comitium/issues/164