return 'ERROR_AUTHENTICATION_EXPIRED' when session_auth mismatches (original) (raw)

When a user logs out or ends up creating a new session the session auth hash is cleared or regenerated, leading to frontend auth tokens now being invalid. We don't return a code for that case, but if we do return ERROR_AUTHENTICATION_EXPIRED then frontend can handle it and show the appropriate error page to prompt the user to re-authenticate.