I am using CanvasIFrameMasterPage and setting the session with user details in master page. I am facing a strange issue.
After an authorized user logs in and out from my application, and another unauthorized user accesses the application from the same browser, he is
not presented with the Authorize application page. And in the application code, the session key of the old user is still available in API.SessionKey. As a result, I can not differentiate between the new user and
the old user. The API.uid also returns the facebook user id of the old user.
However, in the case where old user logs in and out and another authorized
user accesses the application from the same browser, different session key is passed.
Is there a way I can differentiate between the unauthorized new user and the old user or force the authorization page?