Hi, I want to work on this issue.

So the issue here, is that all the pages should require authentication while none do, so we're missing the decorator to fix this.

Since the db is deleted, I think sessions for those users should also be dumped.

In the case that you are browsing your own hub, this can indeed be seen as a bug: we should log-out the user.

But we how do we know if the hub doesn't exist because the user never logged in or because the DB got wiped? So how do we know if it's a false negative or not? Do we want to check the DB everytime someone access a non-existing hub to see if that hub should in fact exists or not?

Based on the fact that wiping the DB isn't likely something we'll do regularly in prod, I'm having the tendency to think that this may not be a real bug.

Yes, I did not consider this bug as a production one but something which would ease our development. So, I was suggesting to include deleting the sessions in populate.py itself so that it delete the user sessions before populating the DB

@abompard is this one still an issue -- i haven't hit it