Auth related flows are sometimes unexpected.

[almereyda]

Some routes have special redirect behavious, which seems a little odd at times:

When being logged out:

• /auth always redirects to /, esp. when connecting with a GitLab account in the moment of login from the editor

When being logged in:

• /logout redirects to /, but the session cookie is not removed, but actualised
• /user redirects to / on first hit, but successfully displays on second try

This may be due to an incomplete implementation of OAuth2 flows and substituting those with cookie based authentication logic.