This repository has been archived by the owner on Jun 30, 2023. It is now read-only.

User logout on any device forces logout on all devices #8

Open
kujenga opened this issue Sep 2, 2014 · 0 comments
kujenga commented Sep 2, 2014

When the logout action is called in the access controller, the authentication_token is deleted from the database, preventing an attack vector where long-lasting authentication_tokens might be used maliciously if discovered.

However, if the user is logged in on other devices, the authentication_tokens stored on those devices are then invalid since any record of them has been deleted. This forces logout on all devices and is a hassle for our users who may be on multiple devices. It is handled by the app currently by forcing a logout and login.

A possible solution could be to associate a separate authentication_token with each UniqueDeviceIdentifier object, and then handle logout on a device-specific level.

On the other hand, this behavior could be considered desirable if a user were to lose a device, etc., and want to logout on all devices. Thus it could be a choice presented to them.
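As an added illustration of the per-device token idea described in this issue (example code, not code from this repository): a hypothetical in-memory Ruby store that keys each authentication token by the user and a UniqueDeviceIdentifier, so a device-level logout revokes only that device's token, while a separate "log out everywhere" path covers the lost-device case. Only a digest of each token is stored, so a leaked table does not yield usable tokens.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory store of per-device authentication tokens.
# Each (user_id, device_id) pair owns its own token, so revoking one
# device's token leaves the same user's other devices logged in.
class DeviceTokenStore
  Record = Struct.new(:user_id, :device_id, :token_digest)

  def initialize
    @records = {} # token digest => Record
  end

  # Issue a fresh token for one device. Re-issuing for the same device
  # replaces its previous token. Only the SHA-256 digest is kept
  # server-side; the plaintext token goes to the device once.
  def issue(user_id, device_id)
    revoke_device(user_id, device_id)
    token = SecureRandom.urlsafe_base64(32)
    digest = Digest::SHA256.hexdigest(token)
    @records[digest] = Record.new(user_id, device_id, digest)
    token
  end

  # Returns [user_id, device_id] for a valid token, or nil.
  def authenticate(token)
    rec = @records[Digest::SHA256.hexdigest(token.to_s)]
    rec && [rec.user_id, rec.device_id]
  end

  # Device-specific logout: only this device's token becomes invalid.
  def revoke_device(user_id, device_id)
    @records.delete_if { |_, r| r.user_id == user_id && r.device_id == device_id }
  end

  # Lost-device path: the user explicitly chooses to log out everywhere.
  def revoke_all(user_id)
    @records.delete_if { |_, r| r.user_id == user_id }
  end

  # Lets the user see (and audit) which devices still hold a live token.
  def active_devices(user_id)
    @records.values.select { |r| r.user_id == user_id }.map(&:device_id)
  end
end
```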

@kujenga kujenga added the bug label Sep 2, 2014