Revoking admin permission #26
Description
Hello,
I might be missing something but it seems that if an admin(A) removes user(U)'s admin permission while U was logged in as an admin then he can still restore his admin status.
What would be the right approach to avoid this situation where the session object becomes outdated?