Server responds 302 redirect when there is no token/q_session

When we delete the q_session during an application, and then proceed to next page, we will receive a 302-redirect response from the server and then hit the CORS error.

We expect to receive a 401-unauthorized response so that React can bring users back to sign in page with a message reminding them the session has expired.