Added a logout hook for authentication, which authentication methods can override.
This is called when there is an explicit logout request with no more processing on the page to be performed - i.e. the user clicks logout or their session times out. In the case of an MNET user whose session has timed out, if they have a parent authentication method (i.e. they can use the login form as well), then we continue to remember that they originally signed in using an XMLRPC authinstance, so that when they click logout later, they're correctly taken back to their remote application.
Showing with 45 additions and 34 deletions