Invalidate sessions on logout #79
Description
When a user logs out, their session should be invalidated so it cannot be replayed, say if their authenticated cookie had been stolen.
At time of writing, Devise does not do this out of the box, so needs modifying to support.
Consider invalidating all of a user's sessions when logging them out from one session.