I put this chunk of code in models/menu.py just after the index item and
before the rest of the menu because I didn't want the other menu items
exposed if not logged in. Your case may vary but the code should be the
same, just placement.

    if auth.user:
        #print 'menu: ', auth.user_id, auth.user.username, session.saved_user_id
        if (not session.saved_user_id) or (session.saved_user_id != auth.user_id):
            clean_session()
            session.saved_user_id = auth.user_id

In a nutshell,

    if logged in
        Test for a copy of auth.user_id saved in session.saved_user_id and if
        not saved or the login id is now different
            run clean_session()
            and save the now current auth.user_id in the session.saved_user_id.

I am not using Janrain, just regular web2py authentication but the session
file was getting reused in that case too giving the next user to use the
client browser the permissions in the application of the previous user.
The clean_session() function must be kept current and all it does is scrub
every session variable that could have been created by the application. I
suppose I could just walk the collection, not sure what else might be in
there, will have to look one day.
You are a victim of the fact that the same machine, web browser, browser
window and browser tab all see the same session file. If you logged in on the client workstation
machine with a different account the browser would use a different cookie
set and you probably would not have the problem. It is not a web2py
deficiency.
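
Added example, not part of the original post and not web2py's own code: the "walk the collection" variant of clean_session() mentioned above, combined with the saved_user_id check from the menu.py snippet. A plain dict stands in for web2py's session object, and the FRAMEWORK_KEYS keep-list and the bind_session_to_user name are assumptions made for illustration.

```python
# Stand-alone sketch: a plain dict stands in for web2py's session object.

# Assumption: keys owned by the framework's login machinery that must
# survive the scrub. Adjust to whatever your application relies on.
FRAMEWORK_KEYS = frozenset({"auth"})
MARKER = "saved_user_id"  # session key name taken from the post


def clean_session(session, keep=FRAMEWORK_KEYS):
    """Delete every key not in `keep`; return the removed keys, sorted."""
    removed = sorted(k for k in session if k not in keep)
    for key in removed:
        del session[key]
    return removed


def bind_session_to_user(session, user_id, keep=FRAMEWORK_KEYS):
    """Scrub the session when the logged-in user is not the recorded one.

    Returns the list of removed keys (empty when nothing had to change).
    """
    if user_id is None:
        # Not logged in: same as the post, nothing is done here.
        return []
    if session.get(MARKER) == user_id:
        # Same user as on the previous request: keep the state.
        return []
    # First request after a login, or a different user on the same browser:
    # drop everything the previous user left behind, then record the owner.
    removed = clean_session(session, keep)
    session[MARKER] = user_id
    return removed


if __name__ == "__main__":
    # Constructed sample: user 3 left state behind, user 7 is now logged in.
    s = {"auth": {"user_id": 7}, MARKER: 3, "cart": [1, 2], "admin_view": True}
    print(bind_session_to_user(s, 7))
    print(s)
```

Because the scrub works from a keep-list rather than a list of names to delete, a session variable added to the application later is removed on a user change without having to keep clean_session() current.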