Yeah, we had a couple customers ask about this, but they were ultimately satisfied with dropping the token from the session to give the appearance of logging out (so they could log in as another user), and just decided to accept whatever risk goes along with someone copying the session token, hitting "logout", then running cURL commands for 4 more minutes.
No comments yet.