
That's not true, you have the ability in settings to see all old sessions and revoke device approvals. It's pretty easy to clear out your old machines.


True, because removal of _all_ existing sessions and tokens should be automatic when 2FA is enabled (you're saying to FB: I only want to be using FB if I've completed 2FA). Under what circumstances would the user want existing sessions to live forever on old devices? (I can answer that: they would want that when they were making their money from advertising "engagement").


If you remember and know where to look.

Google eventually asked if I wanted to remove a phone I'd stopped using 2 years ago the other day.


Google's is pretty easy:

https://myaccount.google.com/

Under Device activity


Google also reminds me regularly to review app passwords. Facebook has never asked me to review a list of apps that I allowed to authenticate with.



