session.forget() will prevent you from adding to the session from that line forward because it inhibits storing of the session to the file at the end of the request. I only wanted to remove session variables if the new user was not the same as the previous use logged into the application from that particular workstation.
I put the code in the model because I wanted to jettison the session variable if they actually came from a different account on the application. With web application logouts is a very tentative thing, many users just go away, close the browser etc. If you then reopen the browser on that workstation you will pick up the original session. Putting it on the front end of the request cycle and comparing the auth.user_id with the session.saved_id allows me to see if a new user as far as the web application is concerned is actually logged in. The code to clean_session looks like def clean_session(): session.varx = None session.dict2 = {} so you build it to scrub whatever you put in the session that you do not want to have move from user1 to user2 when they login from the same workstation using the same workstation account but a different web2py application account. Ron