I have created a new Member type using DataObjectDecorator and am have emmense problems working out why it logs the current user out when:
1. You manually type /admin/ into the URL
2. You restrict access using the canView method
In both cases, even when logged in, the user is redirected to /Security/login and tells them they do not have permission to view. However when you navigate back to a normal, accessable page, you are logged out of the current user.
This is not the case if I manually navigate to /Security/login so it must be something up with Permission or Director.