I think some logic is broken around the exits. When you remove an exit you see the client send
{"id":31,"method":"call.core.char.XXX.ctrl.deleteExit","params":{"exitId":"YYY"}}
but after that the client will keep spamming
{"id":32,"method":"subscribe.core.exit.YYY.details"}
and getting access denied errors.
Oh, exits too? Yes, there is a client bug behind that.
We have a similar issue when someone deletes a character.
It can both be dealt with on ResClient level, preventing subscription of deleted cached items. But it is also a bug in the app where it keeps listening to that deleted item even after deletion.
But thanks for making me aware! 
I found the client bug.
I moved the report to a separate topic. Thanks again! 