vapor / auth

👤 Authentication and Authorization framework for Fluent.

Protected routes can still be hit after calling `unauthenticateSession(_:)` #36

Closed IsaacXen closed 6 years ago

IsaacXen commented 6 years ago

Protected routes can still be hit after calling `unauthenticateSession(_:)`.

It does set the cache to nil, but only for the current request, not globally.

Steps to reproduce

Configuration:

```swift
// ...

var middlewares = MiddlewareConfig()
middlewares.use(SessionsMiddleware.self)
services.register(middlewares)

// ...

var migrations = MigrationConfig()
migrations.add(model: User.self, database: .mysql)
services.register(migrations)

// ...
```

Model:

```swift
final class User: MySQLModel, Migration, PasswordAuthenticatable, SessionAuthenticatable {
    var email: String
    var password: String

    // ...

    static var usernameKey: UsernameKey = \User.email
    static var passwordKey: PasswordKey = \User.password
}
```

Controller:

```swift
let authSessionRoutes = router.grouped(User.authSessionsMiddleware())
authSessionRoutes.get("login", use: makeLoginView)
authSessionRoutes.post("login", use: login)

let protectedRoutes = authSessionRoutes.grouped(RedirectMiddleware<User>(path: "/login"))
protectedRoutes.get("logout", use: logout)
protectedRoutes.get("/", use: makeHomeView)

// ...
```

Route:

```swift
func login(_ req: Request) throws -> Future<Response> {

    // ... (credential check that yields `authed` omitted by the reporter)

    try req.authenticateSession(authed)
}

func logout(_ req: Request) throws -> Response {
    try req.unauthenticateSession(User.self)
    return req.redirect(to: "/login")
}
```

  1. Call the `/` route, and get redirected to `/login`.
  2. Submit the login form with correct user credentials.
  3. Call the `/logout` route.
  4. Call the `/` route.

Expected behavior

Redirected to /login.

Actual behavior

Hits the protected `/` route and does not redirect.

Environment

tanner0101 commented 6 years ago

There is now `req.unauthenticate(...)` and `req.unauthenticateSession(...)`. `unauthenticateSession` will call `unauthenticate` internally to prevent the session from getting re-configured by the middleware.

See the updated tests for an example. :)
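The round trip tanner0101 describes, modelled in plain Python as an added example (not Vapor or this package's code; the middleware shape, `USER_KEY` and the session store are assumptions): a session middleware restores the user into a per-request cache before the handler and writes the cached user back into the session afterwards, so a logout that clears only the session entry is undone by the write-back, while clearing the request cache as well sticks.

```python
SESSION_STORE = {}  # session id -> dict: the persisted session, shared across requests
USER_KEY = "auth.user_id"  # constructed key name for the stored user id
class Request:
    def __init__(self, session_id):
        self.session = SESSION_STORE.setdefault(session_id, {})
        self.auth_cache = None  # per-request cache of the authenticated user

    def authenticate(self, user):
        self.auth_cache = user

    def unauthenticate(self):
        self.auth_cache = None

    def authenticated(self):
        return self.auth_cache
    def authenticate_session(self, user):
        self.session[USER_KEY] = user["id"]
        self.authenticate(user)

def auth_sessions_middleware(req, handler):
    # Before the handler: restore the user from the session into the request cache.
    if USER_KEY in req.session:
        req.authenticate({"id": req.session[USER_KEY]})
    result = handler(req)
    # After the handler: whatever is still cached is written back to the session.
    user = req.authenticated()
    if user is not None:
        req.session[USER_KEY] = user["id"]
    return result

def logout_session_only(req):
    # The reported behaviour: only the session entry is cleared, the cache survives.
    req.session.pop(USER_KEY, None)
    return "redirect:/login"

def logout_session_and_cache(req):
    # What the fix describes: clear the session entry and the request cache together.
    req.session.pop(USER_KEY, None)
    req.unauthenticate()
    return "redirect:/login"

def authenticated_after_logout(logout):
    """Log in, log out with `logout`, then probe a fresh request on the same session."""
    SESSION_STORE.clear()
    auth_sessions_middleware(Request("sid-1"), lambda r: r.authenticate_session({"id": 42}))
    auth_sessions_middleware(Request("sid-1"), logout)
    probe = Request("sid-1")
    auth_sessions_middleware(probe, lambda r: None)
    return probe.authenticated() is not None
```

`authenticated_after_logout(logout_session_only)` returns `True` (the next `/` request is still authenticated), `authenticated_after_logout(logout_session_and_cache)` returns `False`.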