in blazer server, there is only one blazer request
- the index page loads (typically authenticated via cookie)
- page assets are loaded
- the blazer javascript opens a signal/r connection (passing the authentication token via cookie) to create the blazer app instance hosted on the server.
the authentication token is passed to the blazer app, when the instance is started. there is no logon or logoff event.
if the user is not logged in at start, when authenticated access is required, the blazer login logic tell the client to redirects to the login url (via javascript interop). when login redirects back to the client a new blazer server app is loaded, this time with the authentication cookie.
to sign out, the blazer server tells the client to redirect to the sign out url. when signout redirects back, the blazer app is reloaded, but not authenticated.