Firesphere / silverstripe-graphql-jwt

JWT Authentication for GraphQL
GNU General Public License v3.0

Correct username + correct Token + incorrect password #6

Closed Firesphere closed 7 years ago

Firesphere commented 7 years ago

This returns as a valid user based on the token; it should invalidate the whole session and token.

Firesphere commented 7 years ago

This is expected behaviour: the member gets an anonymous token, to act as "logged in without privileges". canView on any object requiring a member to be logged in will return false, as its ID is 0.

Slightly confusing, but a feature that's somewhat needed.

Firesphere commented 7 years ago

Added the feature to disable anonymous login. See https://github.com/firesphere/silverstripe-graphql-jwt/commit/46ef3e61e4894fdd0788da85690581711661cdff
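
Added example (not part of the thread and not the module's PHP code): a minimal Python model of the behaviour discussed above, where a failed password check still yields a correctly signed token for member ID 0, and access checks must test the ID rather than the signature alone. The `uid` claim, the `allow_anonymous` switch, the function names and the key and credentials are all assumptions constructed for this sketch.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"                      # constructed signing key
USERS = {"admin@example.com": "correct-password"}     # constructed; plaintext only for brevity
MEMBER_IDS = {"admin@example.com": 1}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(signing_input: str) -> str:
    return b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(member_id: int) -> str:
    """Build an HS256 JWT whose hypothetical 'uid' claim is the member ID."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"uid": member_id}).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"

def member_id_from(token: str):
    """Return the member ID from a correctly signed token, else None."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sign(f"{header}.{body}"), sig):
            return None
        padded = body + "=" * (-len(body) % 4)
        return json.loads(base64.urlsafe_b64decode(padded))["uid"]
    except (ValueError, KeyError, TypeError):
        return None

def login(email: str, password: str, allow_anonymous: bool = True):
    """Wrong credentials give an anonymous (ID 0) token, or None if disabled."""
    stored = USERS.get(email)
    if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
        return issue_token(MEMBER_IDS[email])
    return issue_token(0) if allow_anonymous else None

def can_view(token) -> bool:
    """A valid signature is not enough: the member ID must be a real one."""
    member_id = member_id_from(token) if token else None
    return type(member_id) is int and member_id > 0

if __name__ == "__main__":
    anon = login("admin@example.com", "wrong-password")
    print(member_id_from(anon), can_view(anon))       # signed token, no privileges
    print(login("admin@example.com", "wrong-password", allow_anonymous=False))
```

A client that treats "token verified" as "user logged in" would misread the anonymous token, which is the confusion the issue title describes; with anonymous login disabled the failed attempt returns no token at all.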