Check 401 permissions to sign out
sethvargo opened this issue · comments
Seth Vargo commented
I think adding a real 401 page may have broken session timeouts, which were relying on redirecting to the sign out page on unauthorized via the controller method, but the controller method now renders a 401.
Audit all uses of controller functions and probably add a dedicated one to force sign out.
/assign
Mike Helmick commented
Let's hold the 0.19 release for this