Login fixes:

1. Stop rejecting login attempts when there's an identity cookie already set.

	This looked like a good idea, but in practice it's not a sufficient check, as it doesnt' ensure the identity cookie is actually valid. Validating it is an option, but the do-nothing alternative (which I went with) is that a login request while already logged in overwrites your identity cookie, instead. It's less code, semantically not bonkers, and doesn't _appear_ to introduce any interesting user security issues.

2. Redirect to / after successful login/logout, instead of dropping the user on a useless text page.

0 files changed, 0 insertions, 0 deletions