From 13_auth onward, the server forgets sessions each time it is restarted, but the cookie persists in the browser tab, so someone can have a cookie that seems to say "you're logged in" but which is no longer valid. We need to explain this and do something about it - @gvwilson's attempt to add an "erase cookie" button to the page didn't work, but there has to be a way.
From
13_authonward, the server forgets sessions each time it is restarted, but the cookie persists in the browser tab, so someone can have a cookie that seems to say "you're logged in" but which is no longer valid. We need to explain this and do something about it - @gvwilson's attempt to add an "erase cookie" button to the page didn't work, but there has to be a way.