[thejazzman]

Appreciate your taking the time to give us this suggestion -- but to clarify, we do revoke the token :D

From the screenshot that was provided, they're seeing the client render a page, but it's failing to acquire any data from the API. If they opened the network inspector they'd likely see that the requests are 401'ing after logging out.

I'm not pretending that this is good UX -- it's not -- but it's not evidence of a security issue. That said, we have every intention of nailing down fantastic UX as quickly as possible. (I'm a recent addition to the company but) it pains me personally for anyone to see any mistakes and I hope to impress you soon.