Automatically Logout users in cases when persistSession is false and the user closes the browser window

[chipilov]

It seems that currently the only mechanism for removing or revoking refresh tokens is:

• to send a refresh token request (in this case the refresh token used to refresh the access token is marked as revoked and a new refresh token is issued);
• to logout (in this case all refresh tokens for the user are removed;

However, if an app sets the "persistSession" param of the SupbaseClient object to false, this means that if the user closes the browser window, they will be implicitly logged out since the access token will be lost.

Maybe in such cases (i.e. ONLY when "persistSession" is false), the client can automatically send a logout request when the window.onunload even is fired.

One potential issue with this is that the user will also be logged out on any other open windows. Hence, the automatic logout request might also be made configurable in the SupabaseClient constructor.

To be honest, not sure if it is better to add yet another config to the constructor (which will only be valid if "persistSession" is false) or to have the app developer handle this themselves.

What do you think?