I really don't know how to put it without hurting anyone's feelings, but the mere fact is that ATM sessions are NOT tied to users. This is correct from a logical standpoint because not every site needs authentication by default, but still needs to use sessions.

This is the same kind of situation with auth_groups cached at login: I really (and I mean really-really) don't want to check for every request if a user is still a member of group A and group B, for the only use-case scenario of the administrator dropping the membership on group B for the duration of the user session... Given the scenario that the error occurs only when a user is dropped in the middle of her/him being authenticated on the site, I wouldn't take a performance hit for each and every request.

The only viable solution would be to tie in some way the user to the session (or, even better, sessions to the user, as "homer" can be logged in from his mobile AND his laptop at the same time, using two different sessions), and try to prune every session associated with the user as soon as the record is dropped. Using sessions on db, it may be simple. Given that sessions can be in cookies, files, databases or memcache/redis too... I really don't know how to do it without hurting performance.
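The design sketched in the message above (index sessions by user, prune them when the record is dropped), as an added example that is not part of the original post and not web2py code. `SessionRegistry` and its methods are hypothetical names, and the in-memory dicts are an assumption standing in for a server-side backend such as a database or redis.

```python
import secrets
from collections import defaultdict

class SessionRegistry:
    """Hypothetical in-memory stand-in for a server-side session backend."""

    def __init__(self):
        self._sessions = {}                # session_id -> session data
        self._by_user = defaultdict(set)   # user_id -> {session_id, ...}

    def create(self, user_id=None, groups=()):
        """Open a session; anonymous sessions (user_id=None) are not indexed."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user_id": user_id, "groups": frozenset(groups)}
        if user_id is not None:
            self._by_user[user_id].add(sid)
        return sid

    def load(self, sid):
        """Per-request path: one lookup, no membership query per request."""
        return self._sessions.get(sid)

    def close(self, sid):
        """Logout or expiry: drop the session and its reverse-index entry."""
        data = self._sessions.pop(sid, None)
        if data and data["user_id"] is not None:
            uid = data["user_id"]
            self._by_user[uid].discard(sid)
            if not self._by_user[uid]:
                del self._by_user[uid]

    def revoke_user(self, user_id):
        """Admin path: prune every session of a user whose record is dropped."""
        sids = self._by_user.pop(user_id, set())
        for sid in sids:
            self._sessions.pop(sid, None)
        return len(sids)

def demo():
    # Constructed sample: "homer" on two devices, one guest, one other user.
    reg = SessionRegistry()
    mobile = reg.create("homer", groups={"A", "B"})
    laptop = reg.create("homer", groups={"A", "B"})
    guest = reg.create()
    other = reg.create("marge", groups={"A"})
    pruned = reg.revoke_user("homer")
    return pruned, reg.load(mobile), reg.load(laptop), reg.load(guest), reg.load(other)
```

The cost moves from every request to the rare admin action; the reverse index only works when the server holds the session data.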