I just heard from someone who had never been to my site before. When she visited (on her phone), it was already logged on as another user. This other user (she told me his name) is located on the other side of the world, and may or may not have logged out. I'm rather worried - she was accessing functions decorated with @auth.requires_login() without even having an account, let alone logging in! Once she clicked "logout" she was no longer able to access any user pages.
I understand this will be tough to debug with so little information. Furthermore, I've never observed this behaviour personally. However, it's concerning enough that I thought I'd see if anyone else has experienced such a thing. If not, any ideas how such a thing could even happen? I'm using trunk - I suppose I should roll back to stable? Neil --
