internetarchive / fatcat

Perpetual Access To The Scholarly Record
https://guide.fatcat.wiki

Trying to submit an edit when inadvertently logged out loses work #75

Open eblanton opened 3 years ago

eblanton commented 3 years ago

I was just trying to split a work into two releases, and I took the time to create a new edit group and describe a new release for the work, but on submission I got:

400
Bad Request
API Error: InvalidCredentials
auth token was missing, expired, revoked, or corrupt: auth token (macaroon) not valid (signature and/or caveats failed)

It turns out that I'm logged out (my username shows in the top right, I appear to be logged in, but if I try to go to account preferences I get a 403 and it says I may need to log in again). In the meantime, it appears that my edit is lost.

I'm going to try logging back in and then asking my browser to resubmit the form, but this seems sub-optimal.

eblanton commented 3 years ago

This may be a duplicate of #34; I think it's a more critical presentation of the same issue.

eblanton commented 3 years ago

Resubmission of the form did not go well, but I was able to copy the TOML (fortunately I was editing as TOML) and paste to a new editgroup.

bnewbold commented 2 years ago

As a partial workaround for this, we should verify the log-in state every time an entity edit/creation/update page is visited.

The real question is why and how we can "seem to be" logged in while actually not being logged in (aka, cookies seem fine, but actually checking the inner authentication macaroon against the API server itself fails). I am wary of doing a separate API call on every page load to confirm this, but given the low number of logged-in users maybe it isn't a problem.
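
The page-visit check proposed in the comment above, as an added example that is not part of the original thread and is not fatcat's own code: a session cookie that still carries a username while the token inside it no longer verifies, and a guard that runs before the edit form is shown. All names are hypothetical; the toy HMAC-chained macaroon with a `time <` caveat and the local `verify` are assumptions standing in for the API server's real check.

```python
import hashlib
import hmac

ROOT_KEY = b"constructed-demo-root-key"  # constructed; held only by the API server


def _chain(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def mint(identifier, caveats):
    """Mint a toy macaroon: the signature is an HMAC chain over id and caveats."""
    sig = _chain(ROOT_KEY, identifier)
    for c in caveats:
        sig = _chain(sig, c)
    return {"id": identifier, "caveats": list(caveats), "sig": sig.hex()}


def verify(token, now):
    """Stand-in for the API-side check: signature chain first, then every caveat."""
    sig = _chain(ROOT_KEY, token["id"])
    for c in token["caveats"]:
        sig = _chain(sig, c)
    if not hmac.compare_digest(sig.hex(), token["sig"]):
        return False
    for c in token["caveats"]:
        key, _, value = c.partition(" < ")
        if key != "time" or not value.isdigit() or now >= int(value):
            return False  # unknown or failed caveat: reject
    return True


def looks_logged_in(session):
    """What the page header relies on: the cookie carries a username."""
    return bool(session.get("username"))


def guard_edit_page(session, now):
    """Run on GET of an edit/create/update page, before any form is shown."""
    token = session.get("api_token")
    if looks_logged_in(session) and token and verify(token, now):
        return "render_form"
    session.clear()  # drop stale state so the header stops showing a username
    return "redirect_to_login"
```

Running the guard on the GET moves the failure to before the user has typed anything; a token that becomes invalid between page load and submit still needs separate handling on the POST.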