views:

55

answers:

0

My app authenticates just fine. The problem comes when a different user logs in to the same browser.

The first page the new user lands everything is ok (the $_REQUEST parameters are still present in the iframes url). Once however they click on a link it reverts back to the cookie and it appears as though they are logged in as the previous user.

Why is the old cookie session not overwritten by the new $_REQUEST session?

How can I make my app authenticated other multiple pages and still use the cookie? Is there a way to set the cookie to contain the new session if $_GET['signed_request'] is present?

I am using the latest PHP SDK with the same authentication script that is supplied in the example with the SDK.