This ticket was prompted from a conversation me and @anoe had on IRC.

My MR contained a disclaimer that we had to logout and log back in for the API to work, because we changed the JWT format.

However, not only was this easy to miss, but it would leave users clueless about why things stopped working.

I don't have concrete plans at the moment about how we could mitigate this; one possibility would be to invalidate the sessions stored in the server every time we release such delicate changes, forcing all the users to login again.