Dave, > It is very strange. I do not understand how a User object in Session > A gets into Session B. It seems that after a session is expired or > invalidated, that session is attached to another user's request.
I think what's going on is that you have a global session, instead of individual sessions. User A is not seeing User B's session: everyone is seeing the /same/ session. Just a guess. -chris
signature.asc
Description: OpenPGP digital signature
