Closed maxdobeck closed 6 years ago
Looks like this is working but we don't direct the user to the next route and instead force them to the root url.
This has been fixed by changing how we check for a valid session. Everything depends on the server side session via the cookie.
When a user is logged out due to a bad session get a new card token and cookie. Currently the last csrf token is used and it is stale.