You can clone with
HTTPS or Subversion.
Strange bug this one, in IE8 only (IE9 is fine, so is Chrome & Safari on iPad).
*navigat to a page in the app
*hit sign out => redirects to login
*Manually enter the last URL you were at => Access granted.
However, oddly this doesn't apply to all pages.
I guess this is related to how IE8 handles the delete session command. Is this your area or express/connect/node?
Strange indeed. Here's the beginning of relevant code from Passport: https://github.com/jaredhanson/passport/blob/master/lib/passport/http/request.js#L53
Passport just deletes the user property from the session object. Connect provides that, so I suspect the issued should be filed with them to see what their recommendation is (if they are aware of it).
Please cross-reference any related tickets here, so we can track this one. I'm happy to provide any workaround in Passport, if necessary.
Trackback: Connect #562