Users without two-factor authentication enabled cannot sign out when two-factor authentication is required
The issue was originally reported in #35086.
Suppose a Redmine instance that projects are public and can be accessed without authentication. You were logged in to Redmine, and one day the admin set two-factor authentication to be required.
But suppose that you want to access the Redmine as an anonymous user without enabling two-factor authentication. So you will try to sign out, but when you click the "Sign out" link, you will get a page asking you to enable two-factor authentication and you cannot sign out. Therefore, the only way for you to access the Redmine as an anonymous user is to delete a cookie or use a different browser.