User login lost when a HIT opens simultaneously in multiple tabs

[mizzao]

Originally reported by @ldworkin. Seems like something like the following happens (more likely when a HIT is banked):

• User opens HIT from dashboard (1)
• User accidentally opens the same HIT in a separate tab, from dashboard (2)
• HIT 1 authenticates and stores login token to local storage
• HIT 2 authenticates but does not see the local storage token from HIT 1, as that is on a 3 second poll
• HIT 2 overwrites the login token in local storage, causing HIT 1 to log out and be unresponsive

A workaround is to tell users not to open the HIT in multiple tabs, but we should make this more robust. It does seem like Meteor in general is less likely to observe this issue because there is no URL-generated auto login. It is a rather edge case when two URL logins are opened nearly simultaneously.

[mizzao]

Seems like this might not be due to the polling issue, as it happens even if a second tab is opened much later.