Improved Last Attempted URL Support

lastAttemptedUrl is now handled similarly for both login and logout.
Observed behavior in an application with expiration support showed that
the logout logic would sometimes overwrite the lastAttemptedUrl value
due to the user getting bounced from target -> logoutTarget -> login ->
logoutTarget. If logoutTarget was a protected route then that route
replaces the lastAttemptedUrl value. Now the target is preserved during
the hops and lastAttemptedUrl is cleared whenever it is used so it
cannot create a side-effect.