In Turbine.loginUser() there is a comment about the need to remove all attributes from the session. This is because if the login fails, it would be possible for the user to continue as the last user that was logged in. I am going to assume this is for the case where someone logs out and then another user logs in from the same browser before the session timesout.
The problem with this idea is that we will lose session pull tools since they will be removed before the login action executes. I suggest that we make Turbine.logoutUser invalidate the session. We could then remove the existing code in Turbine.loginUser() that removes all of the data from the session. Anyone see a problem with this? -------------------------------------------- Quinton McCombs NequalsOne - HealthCare marketing tools mailto:[EMAIL PROTECTED] http://www.NequalsOne.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
