The web client checks if the user is logged in by accessing the user's profile. If it gets back a 400, you're not logged in. Doing that currently causes a user client to get created to do the check, but the session is not destroyed until some time later when tomcat comes along to clean it up.
The web client checks if the user is logged in by accessing the user's profile. If it gets back a 400, you're not logged in. Doing that currently causes a user client to get created to do the check, but the session is not destroyed until some time later when tomcat comes along to clean it up.