Thanks a lot, could you post the complete code of your clean_session()? (Why is session.forget is not sufficient?) You also mentioned the placement of the above code in a model, why not in a controller within the logout?
On Feb 4, 4:09 am, ron_m <[email protected]> wrote: > Sorry, I didn't explain well enough. > > The clean_session() function is something I wrote to reset all session > variables in the case the user is a different person logging in from the > same machine. So it contains lines like: > > session.var1 = None > session.dict1 = {} > > etc. > > The nutshell is an expression of brevity so the following couple of > sentences explaining what the code does is what I meant. > > What you could do is try this out without Janrain to see how it works. I had > the problem were several users share the same Windows workstation and the IT > department set the workstation up with a common user id for all users. So if > a more privileged user logged out and a less privileged one logged in the > session file was reused and as far as teh web2py app was concerned it was > still the same user. Browser cookies are used to establish the session id so > if you stay on the client PC as the same user the same cookie is used the > next time anyone logs in form that workstation. That is the way it works > with web browsers. > > If you can login on the client workstation with different ids then that > would help. > > I offered the above concept to show you how I got around this with multiple > users sharing the same login on the workstation. However I do not use > Janrain so there are very likely other issues in there. > > Ron
