[google-appengine] Re: User Identity
But it does seem that it would be hard to have different logins in different browser windows, which I would like for testing. I guess you could test simultanous different logins to the same app by using not different windows of the same browser but by using different browses (FF, IE, Safari, Konquerer, Chrome) sumultanously, couldn't you? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
...should def work with VMWare though --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
I think this is an important issue - why no response? On Aug 5, 9:48 am, Martyn martyn.cutc...@googlemail.com wrote: Hi there, In testing I have noted latency in user identity management when I sign in and out as different account users. 1) I sign in as user A - application recognises me as user A 2) I sign out - application still recognises me as User A 3) I sign in as user B - applicaiton recognises me as user A 4) sometime later (around a minute) application recognises me as user B I understand how this could happen, based on caching for performance, but should it? ...and I'm still concerned about insert performance, seems like 120ms is the best I can hope for (single row, no indexed properies, Blob of around 1k). - Martyn --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
If logout wouldn't work, that would be really important - sure. But it needn't to be appengine creating this result, it can be your own code too. Session management is usually done with a token stored in cookie. Logout just means deleting this cookie. Perhaps you forgot to trigger cookie deletion or you forgot to make the result visible at once by changing 'User1 Logout' to 'Login'. Such visual display errors would be critical only if you could request a server response successfully as logged in user after logging out. Did you try? On the whole, please describe more details to enable a detailed answer. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
Hi Martyn, On Wed, Aug 5, 2009 at 9:48 AM, Martynmartyn.cutc...@googlemail.com wrote: Hi there, In testing I have noted latency in user identity management when I sign in and out as different account users. 1) I sign in as user A - application recognises me as user A 2) I sign out - application still recognises me as User A 3) I sign in as user B - applicaiton recognises me as user A 4) sometime later (around a minute) application recognises me as user B I understand how this could happen, based on caching for performance, but should it? If you're caching responses, there's nothing any of the rest of the infrastructure can do about it. You need to use a caching strategy that can cope with users logging out, such as using etags. Have you checked to see if this _is_ a caching issue? Does your App Engine app see requests from the newly logged-out user, or are they entirely served from the cache? Are you using the Users API, or your own session management? How are you logging out of the app? ...and I'm still concerned about insert performance, seems like 120ms is the best I can hope for (single row, no indexed properies, Blob of around 1k). This seems high. Have you experimented with entities with different numbers of properties and entity sizes? -Nick Johnson - Martyn -- Nick Johnson, Developer Programs Engineer, App Engine --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
I am not caching the user, I always use the UserServiceFactory on each request. I discovered this testing the web.xml security-contraint configurations. I was surprised to say the least. I then added debugging to output user info to a page and noted the symptoms reported. Re: insertion performance, I update two entities, one is always created (with a generated key) and the other updated. I update using a batch put which improved update from ~180ms to 120ms Initially there was a single Blob property on the insert entity (I store transactional data), adding a few unindexed properties seems to have made no significant difference. I did test pre-puts, batching say one-hundred inserts, and then seeing if update of an existing entity was any better - it wasn't. I will get back with some more metrics in a bit. On Aug 5, 1:14 pm, Nick Johnson (Google) nick.john...@google.com wrote: Hi Martyn, On Wed, Aug 5, 2009 at 9:48 AM, Martynmartyn.cutc...@googlemail.com wrote: Hi there, In testing I have noted latency in user identity management when I sign in and out as different account users. 1) I sign in as user A - application recognises me as user A 2) I sign out - application still recognises me as User A 3) I sign in as user B - applicaiton recognises me as user A 4) sometime later (around a minute) application recognises me as user B I understand how this could happen, based on caching for performance, but should it? If you're caching responses, there's nothing any of the rest of the infrastructure can do about it. You need to use a caching strategy that can cope with users logging out, such as using etags. Have you checked to see if this _is_ a caching issue? Does your App Engine app see requests from the newly logged-out user, or are they entirely served from the cache? Are you using the Users API, or your own session management? How are you logging out of the app? ...and I'm still concerned about insert performance, seems like 120ms is the best I can hope for (single row, no indexed properies, Blob of around 1k). This seems high. Have you experimented with entities with different numbers of properties and entity sizes? -Nick Johnson - Martyn -- Nick Johnson, Developer Programs Engineer, App Engine --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
Since I sign in as a different user, this cannot be explained by a cookie problem.. plus the timing issue. On Aug 5, 1:12 pm, Holger w...@arcor.de wrote: If logout wouldn't work, that would be really important - sure. But it needn't to be appengine creating this result, it can be your own code too. Session management is usually done with a token stored in cookie. Logout just means deleting this cookie. Perhaps you forgot to trigger cookie deletion or you forgot to make the result visible at once by changing 'User1 Logout' to 'Login'. Such visual display errors would be critical only if you could request a server response successfully as logged in user after logging out. Did you try? On the whole, please describe more details to enable a detailed answer. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
Are you suggesting that I need to do something in my App for each request to ensure the current user returned is valid? I have no control if the user changes their account sign-in in another browser window. My debug code is UserService us = UserServiceFactory.getUserService(); User usr = us.getCurrentUser(); StringBuffer buf = new StringBuffer(); buf.append(table class='omStatus'trthProperty/ththValue/ th/tr); buf.append(trtdNickname/tdtd + usr.getNickname() + /td/ tr); buf.append(trtdEMail/tdtd + usr.getEmail() + /td/tr); buf.append(trtdAuth Domain/tdtd + usr.getAuthDomain() + / td/tr); buf.append(/table); return buf.toString(); On Aug 5, 2:01 pm, Holger w...@arcor.de wrote: You really need to give more details. this cannot be explained by a cookie problem. ?? How can you know? What's the url where I can test? Who wrote that code? How does the code look like? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
On Wed, Aug 5, 2009 at 2:20 PM, Martynmartyn.cutc...@googlemail.com wrote: Are you suggesting that I need to do something in my App for each request to ensure the current user returned is valid? We're suggesting that we don't have enough information to determine where the problem is - certainly not enough information to conclude that the Users API is erroneously returning a logged in user after you have logged out. Have you tried logging the below information, and checking the admin console logs to verify what output is generated after you request the page after logging out? -Nick Johnson I have no control if the user changes their account sign-in in another browser window. My debug code is UserService us = UserServiceFactory.getUserService(); User usr = us.getCurrentUser(); StringBuffer buf = new StringBuffer(); buf.append(table class='omStatus'trthProperty/ththValue/ th/tr); buf.append(trtdNickname/tdtd + usr.getNickname() + /td/ tr); buf.append(trtdEMail/tdtd + usr.getEmail() + /td/tr); buf.append(trtdAuth Domain/tdtd + usr.getAuthDomain() + / td/tr); buf.append(/table); return buf.toString(); On Aug 5, 2:01 pm, Holger w...@arcor.de wrote: You really need to give more details. this cannot be explained by a cookie problem. ?? How can you know? What's the url where I can test? Who wrote that code? How does the code look like? -- Nick Johnson, Developer Programs Engineer, App Engine --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
Are you suggesting that I need to do something in my App for each request to ensure the current user returned is valid? yea My debug code is UserService us = UserServiceFactory.getUserService(); That's Java - I do Python. - So Nick Johnson surely can explain better what's needed. I have no control if the user changes their account sign-in in another browser window. Why would you need. Why should'n a user be logged in as John to one application and as Bill to the other? As long as user John doesn't log out of your application (window), where is the problem? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
I'm sorry, I am clearly missing something here. And it looks like it's an unwarranted assumption on my part. I had assumed, that the Google user authentication could be used in place of a conventional application login. I have followed this to create a pattern such that the current Google user can be directly associated with an application user, and that for any request I could use the UserService to get a handle on the current user and then lookup my application user. So logging out for me, meant the user signing out of their Google account. I will now RTFL on user authentication and see what I can learn. Sorry if I've been wasting your time. - Martyn On Aug 5, 2:52 pm, Nick Johnson (Google) nick.john...@google.com wrote: On Wed, Aug 5, 2009 at 2:20 PM, Martynmartyn.cutc...@googlemail.com wrote: Are you suggesting that I need to do something in my App for each request to ensure the current user returned is valid? We're suggesting that we don't have enough information to determine where the problem is - certainly not enough information to conclude that the Users API is erroneously returning a logged in user after you have logged out. Have you tried logging the below information, and checking the admin console logs to verify what output is generated after you request the page after logging out? -Nick Johnson I have no control if the user changes their account sign-in in another browser window. My debug code is UserService us = UserServiceFactory.getUserService(); User usr = us.getCurrentUser(); StringBuffer buf = new StringBuffer(); buf.append(table class='omStatus'trthProperty/ththValue/ th/tr); buf.append(trtdNickname/tdtd + usr.getNickname() + /td/ tr); buf.append(trtdEMail/tdtd + usr.getEmail() + /td/tr); buf.append(trtdAuth Domain/tdtd + usr.getAuthDomain() + / td/tr); buf.append(/table); return buf.toString(); On Aug 5, 2:01 pm, Holger w...@arcor.de wrote: You really need to give more details. this cannot be explained by a cookie problem. ?? How can you know? What's the url where I can test? Who wrote that code? How does the code look like? -- Nick Johnson, Developer Programs Engineer, App Engine --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
You are not wasting time - it's an important clarification. To my knowledge the logical steps are: 1. User want's to log into your application 2. You pass him to Google 3. He logs in with his Google account 4. Google returns a token with is stored as cookie 5. As long as this token exists the user module (don't know the Java name) treats the visitor as authenticiated. 5. It's your task to delete this token on user logout. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
Google's cookies are different than each application on appspot.com. So each application needs to specifically log out each user. I just came to know about this. You should provide a log out link. On Wed, Aug 5, 2009 at 10:34 AM, Holger w...@arcor.de wrote: You are not wasting time - it's an important clarification. To my knowledge the logical steps are: 1. User want's to log into your application 2. You pass him to Google 3. He logs in with his Google account 4. Google returns a token with is stored as cookie 5. As long as this token exists the user module (don't know the Java name) treats the visitor as authenticiated. 5. It's your task to delete this token on user logout. -- Hrishikesh Bakshi --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
On Wed, Aug 5, 2009 at 3:21 PM, Martynmartyn.cutc...@googlemail.com wrote: I'm sorry, I am clearly missing something here. And it looks like it's an unwarranted assumption on my part. I had assumed, that the Google user authentication could be used in place of a conventional application login. That's entirely correct. I have followed this to create a pattern such that the current Google user can be directly associated with an application user, and that for any request I could use the UserService to get a handle on the current user and then lookup my application user. Also fine. So logging out for me, meant the user signing out of their Google account. Is the user logging out by clicking a 'logout' link you provided them (using the Users API), or by logging out on some other Google service? If the latter, it's quite possible that doing so would not log the user out of all their App Engine apps immediately, yes. If you want a user to be able to log out immediately, you need to provide them with a logout link. I will now RTFL on user authentication and see what I can learn. Sorry if I've been wasting your time. - Martyn On Aug 5, 2:52 pm, Nick Johnson (Google) nick.john...@google.com wrote: On Wed, Aug 5, 2009 at 2:20 PM, Martynmartyn.cutc...@googlemail.com wrote: Are you suggesting that I need to do something in my App for each request to ensure the current user returned is valid? We're suggesting that we don't have enough information to determine where the problem is - certainly not enough information to conclude that the Users API is erroneously returning a logged in user after you have logged out. Have you tried logging the below information, and checking the admin console logs to verify what output is generated after you request the page after logging out? -Nick Johnson I have no control if the user changes their account sign-in in another browser window. My debug code is UserService us = UserServiceFactory.getUserService(); User usr = us.getCurrentUser(); StringBuffer buf = new StringBuffer(); buf.append(table class='omStatus'trthProperty/ththValue/ th/tr); buf.append(trtdNickname/tdtd + usr.getNickname() + /td/ tr); buf.append(trtdEMail/tdtd + usr.getEmail() + /td/tr); buf.append(trtdAuth Domain/tdtd + usr.getAuthDomain() + / td/tr); buf.append(/table); return buf.toString(); On Aug 5, 2:01 pm, Holger w...@arcor.de wrote: You really need to give more details. this cannot be explained by a cookie problem. ?? How can you know? What's the url where I can test? Who wrote that code? How does the code look like? -- Nick Johnson, Developer Programs Engineer, App Engine -- Nick Johnson, Developer Programs Engineer, App Engine --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
Yes, I was assuming that if the user (in the browser) signed into another account then that new user would be returned by the UserService. I don't think it is a problem for a real world situation, but for testing it gave me surprising results. For quick account swapping I can provide an app sign-out link. But it does seem that it would be hard to have different logins in different browser windows, which I would like for testing. On 5 Aug, 17:09, Nick Johnson (Google) nick.john...@google.com wrote: On Wed, Aug 5, 2009 at 3:21 PM, Martynmartyn.cutc...@googlemail.com wrote: I'm sorry, I am clearly missing something here. And it looks like it's an unwarranted assumption on my part. I had assumed, that the Google user authentication could be used in place of a conventional application login. That's entirely correct. I have followed this to create a pattern such that the current Google user can be directly associated with an application user, and that for any request I could use the UserService to get a handle on the current user and then lookup my application user. Also fine. So logging out for me, meant the user signing out of their Google account. Is the user logging out by clicking a 'logout' link you provided them (using the Users API), or by logging out on some other Google service? If the latter, it's quite possible that doing so would not log the user out of all their App Engine apps immediately, yes. If you want a user to be able to log out immediately, you need to provide them with a logout link. I will now RTFL on user authentication and see what I can learn. Sorry if I've been wasting your time. - Martyn On Aug 5, 2:52 pm, Nick Johnson (Google) nick.john...@google.com wrote: On Wed, Aug 5, 2009 at 2:20 PM, Martynmartyn.cutc...@googlemail.com wrote: Are you suggesting that I need to do something in my App for each request to ensure the current user returned is valid? We're suggesting that we don't have enough information to determine where the problem is - certainly not enough information to conclude that the Users API is erroneously returning a logged in user after you have logged out. Have you tried logging the below information, and checking the admin console logs to verify what output is generated after you request the page after logging out? -Nick Johnson I have no control if the user changes their account sign-in in another browser window. My debug code is UserService us = UserServiceFactory.getUserService(); User usr = us.getCurrentUser(); StringBuffer buf = new StringBuffer(); buf.append(table class='omStatus'trthProperty/ththValue/ th/tr); buf.append(trtdNickname/tdtd + usr.getNickname() + /td/ tr); buf.append(trtdEMail/tdtd + usr.getEmail() + /td/tr); buf.append(trtdAuth Domain/tdtd + usr.getAuthDomain() + / td/tr); buf.append(/table); return buf.toString(); On Aug 5, 2:01 pm, Holger w...@arcor.de wrote: You really need to give more details. this cannot be explained by a cookie problem. ?? How can you know? What's the url where I can test? Who wrote that code? How does the code look like? -- Nick Johnson, Developer Programs Engineer, App Engine -- Nick Johnson, Developer Programs Engineer, App Engine --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
On Wed, Aug 5, 2009 at 6:24 PM, Martynmartyn.cutc...@googlemail.com wrote: Yes, I was assuming that if the user (in the browser) signed into another account then that new user would be returned by the UserService. I don't think it is a problem for a real world situation, but for testing it gave me surprising results. For quick account swapping I can provide an app sign-out link. But it does seem that it would be hard to have different logins in different browser windows, which I would like for testing. Unfortunately, that's not really possible with _any_ login system short of sending a session ID between pages in the URL. HTTP is not session-based and has no concept of a browser window. -Nick Johnson On 5 Aug, 17:09, Nick Johnson (Google) nick.john...@google.com wrote: On Wed, Aug 5, 2009 at 3:21 PM, Martynmartyn.cutc...@googlemail.com wrote: I'm sorry, I am clearly missing something here. And it looks like it's an unwarranted assumption on my part. I had assumed, that the Google user authentication could be used in place of a conventional application login. That's entirely correct. I have followed this to create a pattern such that the current Google user can be directly associated with an application user, and that for any request I could use the UserService to get a handle on the current user and then lookup my application user. Also fine. So logging out for me, meant the user signing out of their Google account. Is the user logging out by clicking a 'logout' link you provided them (using the Users API), or by logging out on some other Google service? If the latter, it's quite possible that doing so would not log the user out of all their App Engine apps immediately, yes. If you want a user to be able to log out immediately, you need to provide them with a logout link. I will now RTFL on user authentication and see what I can learn. Sorry if I've been wasting your time. - Martyn On Aug 5, 2:52 pm, Nick Johnson (Google) nick.john...@google.com wrote: On Wed, Aug 5, 2009 at 2:20 PM, Martynmartyn.cutc...@googlemail.com wrote: Are you suggesting that I need to do something in my App for each request to ensure the current user returned is valid? We're suggesting that we don't have enough information to determine where the problem is - certainly not enough information to conclude that the Users API is erroneously returning a logged in user after you have logged out. Have you tried logging the below information, and checking the admin console logs to verify what output is generated after you request the page after logging out? -Nick Johnson I have no control if the user changes their account sign-in in another browser window. My debug code is UserService us = UserServiceFactory.getUserService(); User usr = us.getCurrentUser(); StringBuffer buf = new StringBuffer(); buf.append(table class='omStatus'trthProperty/ththValue/ th/tr); buf.append(trtdNickname/tdtd + usr.getNickname() + /td/ tr); buf.append(trtdEMail/tdtd + usr.getEmail() + /td/tr); buf.append(trtdAuth Domain/tdtd + usr.getAuthDomain() + / td/tr); buf.append(/table); return buf.toString(); On Aug 5, 2:01 pm, Holger w...@arcor.de wrote: You really need to give more details. this cannot be explained by a cookie problem. ?? How can you know? What's the url where I can test? Who wrote that code? How does the code look like? -- Nick Johnson, Developer Programs Engineer, App Engine -- Nick Johnson, Developer Programs Engineer, App Engine -- Nick Johnson, Developer Programs Engineer, App Engine --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: User Identity
Actually I guess I can achieve that by using two different app versions ;-) On 5 Aug, 18:29, Nick Johnson (Google) nick.john...@google.com wrote: On Wed, Aug 5, 2009 at 6:24 PM, Martynmartyn.cutc...@googlemail.com wrote: Yes, I was assuming that if the user (in the browser) signed into another account then that new user would be returned by the UserService. I don't think it is a problem for a real world situation, but for testing it gave me surprising results. For quick account swapping I can provide an app sign-out link. But it does seem that it would be hard to have different logins in different browser windows, which I would like for testing. Unfortunately, that's not really possible with _any_ login system short of sending a session ID between pages in the URL. HTTP is not session-based and has no concept of a browser window. -Nick Johnson On 5 Aug, 17:09, Nick Johnson (Google) nick.john...@google.com wrote: On Wed, Aug 5, 2009 at 3:21 PM, Martynmartyn.cutc...@googlemail.com wrote: I'm sorry, I am clearly missing something here. And it looks like it's an unwarranted assumption on my part. I had assumed, that the Google user authentication could be used in place of a conventional application login. That's entirely correct. I have followed this to create a pattern such that the current Google user can be directly associated with an application user, and that for any request I could use the UserService to get a handle on the current user and then lookup my application user. Also fine. So logging out for me, meant the user signing out of their Google account. Is the user logging out by clicking a 'logout' link you provided them (using the Users API), or by logging out on some other Google service? If the latter, it's quite possible that doing so would not log the user out of all their App Engine apps immediately, yes. If you want a user to be able to log out immediately, you need to provide them with a logout link. I will now RTFL on user authentication and see what I can learn. Sorry if I've been wasting your time. - Martyn On Aug 5, 2:52 pm, Nick Johnson (Google) nick.john...@google.com wrote: On Wed, Aug 5, 2009 at 2:20 PM, Martynmartyn.cutc...@googlemail.com wrote: Are you suggesting that I need to do something in my App for each request to ensure the current user returned is valid? We're suggesting that we don't have enough information to determine where the problem is - certainly not enough information to conclude that the Users API is erroneously returning a logged in user after you have logged out. Have you tried logging the below information, and checking the admin console logs to verify what output is generated after you request the page after logging out? -Nick Johnson I have no control if the user changes their account sign-in in another browser window. My debug code is UserService us = UserServiceFactory.getUserService(); User usr = us.getCurrentUser(); StringBuffer buf = new StringBuffer(); buf.append(table class='omStatus'trthProperty/ththValue/ th/tr); buf.append(trtdNickname/tdtd + usr.getNickname() + /td/ tr); buf.append(trtdEMail/tdtd + usr.getEmail() + /td/tr); buf.append(trtdAuth Domain/tdtd + usr.getAuthDomain() + / td/tr); buf.append(/table); return buf.toString(); On Aug 5, 2:01 pm, Holger w...@arcor.de wrote: You really need to give more details. this cannot be explained by a cookie problem. ?? How can you know? What's the url where I can test? Who wrote that code? How does the code look like? -- Nick Johnson, Developer Programs Engineer, App Engine -- Nick Johnson, Developer Programs Engineer, App Engine -- Nick Johnson, Developer Programs Engineer, App Engine --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google App Engine group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---