Arvados

If we have an invalid token when loading workbench, it currently triggers the logout process. That clears local storage and also ensures the token is invalidated upstream.

However: this may not be the best behavior. In a single sign on environment, this might just result in you being logged out and then having to log back in again to the SSO service, with no security benefit, because you didn't have a working token in the first place.

Consider the security implications of changing application load behavior so that an expired or invalid token is simply discarded without triggering a full logout process, and going directly to the login page.