Steps to reproduce:

Install Zabbix 6.0.x, login go to, for example configuration → hosts → {host} → items.
Now, login to the DB and truncate sessions table. Open browser and click on something. Observe: 

Now do the same thing with Zabbix 7. The observation is different as it will give the full page with all information still visible:

Even 'worse' it allows you to just cancel the error and scrape of the rest of the information

Expected:
full page reload where the info does not become available anymore for users that are unauthenticated.