I am trying to use the authentication by URL mechanism as described in the https://github.com/cuba-labs/authentication-by-url and I’ve noticed the following (I am using the first approach that is described in the sample application)
When any user -the first time- tries to login into the application using a url that includes an appropriate token, then everything is working as expected. Now, if the same user tries to connect from his browser changing the token in the url in order to login as a different user -he can use either the same open browser window or create a new tab), then it is logged in as the old user! It seems that the CUBA application ignores the new URL, using instead the available session. So, I would like to ask you if we could somehow invalidate the current session in the provided first sample to allow users login any time with the current URL token. If not, we could somehow create a logout link to the application? Although this type of link seems not be provided by the CUBA framework I’ve found some instructions on the Forum describing a way to make a similar operation but I’ve found all of the them very advanced - Is there an easy way or a ready-to-use sample code to bypass the aforementioned problem?
Thanks in advance