GitLab

This is the follow up ticket to #119 (closed). It was found that when the session is destroyed (e.g. removed from the database) but the session information is stored in the local storage (the user didn't log off explicitly via the UI), the user gets redirected to the forbidden page when trying to navigate to the login page. This is because, the login page sends some REST calls to the server and the server apparently returns error 403 for the unauthorized user, rather than 401. This case has to be handled and if the session doesn't exist the user must not navigate to forbidden page, even upon receiving error 403.