Session and login information are not same. The latter is stored in the former. When you logout it clears the login info in the session but does not clear the session. There is no need. You can of course do session.clear() if you want.
Sessions tells py4web (or web2py) that you are the same user as before. auth tells who you are and what you are authorized to do. On Tuesday, 3 March 2020 19:03:37 UTC-8, Carlos Hanson wrote: > > In chapter 4 of the documentation: > > By default py4web sessions never expire (unless they contain login >> information, but that is another story) even if an expiration can be set. > > > I see the truth in that statement, since I set the expiration in the > session, but my session never expires. > > > session = Session(secret=settings.SESSION_SECRET_KEY, expiration=settings. > SESSION_EXPIRATION) > > > What is the story about sessions containing login information? How do I > ensure I am not logged in forever? > > Thanks. > > Carlos > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/858b1d31-2e0a-47b7-bee2-ce91dcc3c9ba%40googlegroups.com.
