I see this in 2.9.2 too (Just tested with the latest release) On Monday, March 3, 2014 1:25:14 PM UTC+5:30, Kiran Subbaraman wrote: > > Hello, > I noticed this issue recently related to user session data. > In my application I store some user specific session data, so that I do > not have to hit the database everytime (now, am also looking at using > the cache for that, instead of session). > If userA is logged into the application, and then userA auth session > expires, a login screen is presented. In case login is performed with > userB's credentials, the session data from userA is still available, and > is displayed on userB's screen. > > I have created a minimal app to demonstrate the issue that I see. Also > take a look at the screenshots. Notice the session.userdata variable's > value. > Tested this on web2py 2.8.2, on Windows 8. > > This is my controller code: > @auth.requires_login() > def index(): > ... > > if session['userdata'] is None: > session.userdata = auth.user.first_name > > I am suspecting this is an issue / bug. Can anyone confirm? > This issue does not arise, if the user explicitly logs out of a session, > or the browser window is closed (I have set my browser to clear all > cookies data when it is closed) > > -- > > ________________________________________ > Kiran Subbaraman > http://subbaraman.wordpress.com/about/ > >
-- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.