It seems that the login functionality does neither take user deletion or deactivation status into consideration after the login has happened, leading to very long log-in sessions for users that should have lost their access to FOLIO.
Steps to Reproduce:
- Using one browser, login to FOLIO wit user account A.
- Using another browser logged in as another user with the right permissions or by using an API call, either remove the user from FOLIO, or deactivate the user.
The first browser session is terminated or the user is prevented from performing actions in FOLIO afer a short ammount of time.
The user may stay logged in for months.