Fixed permit function with last attempted URL handling

Permit needed to set the last attempted URL value before calling the
allowed function when the user's profile has expired or the user ends up
being redirected to the logoutTarget page instead of the last attempted
URL.