You could have a function that goes through each session file and looks for auth.user.id, and if it matches the id of the blocked user, delete the file. For some ideas on the logic for processing through all the session files, see http://code.google.com/p/web2py/source/browse/scripts/sessions2trash.py.
Another option is to include something like this in your app: if auth.user and db.auth_user[auth.user_id].registration_key == 'blocked': [code to logout user and either clear the session or delete the session file] The downside of that is it involves a database hit on every request for logged in users. You could reduce the db hits by only running the check if the requested function is one that requires login. Anthony On Tuesday, August 21, 2012 1:22:42 PM UTC-4, Yarin wrote: > > Is it possible to clear a session for a single user? > > Currently, if we need to block user access, we must delete the user record > or set registration key = "blocked", and then clear session for the entire > site. Is there a better way? > --