The issue was related to an specific cookie (gfw-token) that once expired, the user remained logged in because the same cookie is found in the localStorage. The token must be validated by cookies instead of local Storage, so I removed this validation to ensure that every time the cookie expires, a new login is required.
Overview
A user shared their area with me: http://www.globalforestwatch.org/dashboards/aoi/6557f6b9695f90001af381ea (currently it’s set to public), but when a user chooses to change it to private, it’s no longer accessible: https://www.globalforestwatch.org/dashboards/aoi/6557f6b9695f90001af381ea/?lang=en in their own My GFW account.
Notes
The issue was related to an specific cookie (gfw-token) that once expired, the user remained logged in because the same cookie is found in the localStorage. The token must be validated by cookies instead of local Storage, so I removed this validation to ensure that every time the cookie expires, a new login is required.
Cookie was set to expires in 1 year.