session.forget() will prevent you from adding to the session from that line
forward because it inhibits storing of the session to the file at the end of
the request. I only wanted to remove session variables if the new user was
not the same as the previous use logged into the application from that
particular workstation.
I put the code in the model because I wanted to jettison the session
variable if they actually came from a different account on the application.
With web application logouts is a very tentative thing, many users just go
away, close the browser etc. If you then reopen the browser on that
workstation you will pick up the original session. Putting it on the front
end of the request cycle and comparing the auth.user_id with the
session.saved_id allows me to see if a new user as far as the web
application is concerned is actually logged in.
The code to clean_session looks like
def clean_session():
session.varx = None
session.dict2 = {}
so you build it to scrub whatever you put in the session that you do not
want to have move from user1 to user2 when they login from the same
workstation using the same workstation account but a different web2py
application account.
Ron
