For sure, using trunk is not very safe in a production environment, not because it is not secure, but because sometimes things break when new features are added. If you don't need edge features, better to stick with stable.
For the problem you describe, I think it could help if you show us the way you activate auth. I mean, it is not just a matter of using a decorator... I am not the best one to help you fix this issue, but if you give us more information, like what's in your db.py and all the auth settings you set, I am sure there are more knowledgeable users who will be kind and will help.

Richard

On Tue, Jul 24, 2012 at 8:18 AM, Neil <yager.n...@gmail.com> wrote:
> I just heard from someone who had never been to my site before. When she
> visited (on her phone), it was already logged on as another user. This
> other user (she told me his name) is located on the other side of the
> world, and may or may not have logged out. I'm rather worried - she was
> accessing functions decorated with @auth.requires_login() without even
> having an account, let alone logging in! Once she clicked "logout" she was
> no longer able to access any user pages.
>
> I understand this will be tough to debug with so little information.
> Furthermore, I've never observed this behaviour personally. However, it's
> concerning enough that I thought I'd see if anyone else
> has experienced such a thing. If not, any ideas how such a thing could even
> happen?
>
> I'm using trunk - I suppose I should roll back to stable?
>
> Neil