Open
Description
It is possible for a user to be logged into a client app while not logged into Lastuser, possibly because the login cookie was deleted there. In such a case, the login session will remain valid in the database, so the client app will not recognise the user as having logged out. This becomes a problem for Lastuser APIs like user autocomplete, which will return a 401 asking for client credentials, but with a login prompt shown to the user.
- Flask-Lastuser must use the login beacon iframe even if the user is logged in
- Lastuser in the login beacon must request a logout in the client app if the user is logged in there but not in Lastuser.
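The desync described above and the effect of the two proposed changes, as an added example (a toy model, not Lastuser or Flask-Lastuser code). The class names, the `beacon` signature, and how the beacon learns the client's login state are all assumptions made for illustration.

```python
import secrets

class IdP:
    """Toy identity provider standing in for Lastuser (hypothetical model)."""
    def __init__(self):
        self.sessions = {}            # session id -> user, the server-side record

    def login(self, user):
        sid = secrets.token_hex(8)
        self.sessions[sid] = user
        return sid                    # value of the browser's IdP login cookie

    def session_valid(self, sid):
        # Server-to-server check: ignores which cookies the browser still holds
        return sid in self.sessions

    def beacon(self, idp_cookie, client_logged_in):
        """Runs in the iframe, so it sees the browser's IdP cookie (or its absence)."""
        idp_logged_in = idp_cookie in self.sessions
        if client_logged_in and not idp_logged_in:
            return "logout"           # second bullet: client session is orphaned
        if idp_logged_in and not client_logged_in:
            return "login"
        return "noop"

class ClientApp:
    """Toy client app; load_beacon_when_logged_in models the first bullet."""
    def __init__(self, idp, load_beacon_when_logged_in):
        self.idp, self.always_beacon = idp, load_beacon_when_logged_in
        self.sid = None               # IdP session id bound to the client's session

    def page_view(self, browser_idp_cookie):
        logged_in = self.sid is not None and self.idp.session_valid(self.sid)
        if logged_in and not self.always_beacon:
            return True               # beacon skipped: desync goes unnoticed
        if self.idp.beacon(browser_idp_cookie, logged_in) == "logout":
            self.sid, logged_in = None, False
        return logged_in

def simulate(always_beacon):
    idp = IdP()
    app = ClientApp(idp, always_beacon)
    cookie = idp.login("alice")       # constructed user
    app.sid = cookie                  # client completed login with the IdP
    before = app.page_view(cookie)
    after = app.page_view(None)       # IdP cookie deleted from the browser
    return before, after
```

With the beacon skipped for logged-in users, `simulate(False)` leaves the client logged in after the cookie is gone; with both changes, `simulate(True)` ends the client session on the next page view.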