diff --git a/web/app/assets/stylesheets/client/content.css.scss b/web/app/assets/stylesheets/client/content.css.scss
index 108892b37..ad578a628 100644
--- a/web/app/assets/stylesheets/client/content.css.scss
+++ b/web/app/assets/stylesheets/client/content.css.scss
@@ -429,7 +429,7 @@ ul.shortcuts {
     padding:2px;
   }
 
-  .account-home, .band-setup, .audio, .get-help, .download-app, .invite-friends {
+  .account-home, .band-setup, .audio, .get-help, .download-app, .community-forum, .invite-friends {
     border-bottom:1px;
     border-style:solid;
     border-color:#ED3618;
diff --git a/web/app/controllers/clients_controller.rb b/web/app/controllers/clients_controller.rb
index 32ca78db0..0f89b42de 100644
--- a/web/app/controllers/clients_controller.rb
+++ b/web/app/controllers/clients_controller.rb
@@ -28,11 +28,7 @@ class ClientsController < ApplicationController
     gon.use_cached_session_scores = Rails.application.config.use_cached_session_scores
     gon.allow_both_find_algos = Rails.application.config.allow_both_find_algos
 
-    #if current_user
-      render :layout => 'client'
-    #else
-    #  redirect_to root_url
-    #end
+    render :layout => 'client'
   end
 
   AUTHED = %W{friend}
diff --git a/web/app/controllers/sessions_controller.rb b/web/app/controllers/sessions_controller.rb
index caa63cbbf..fbeb8ec9f 100644
--- a/web/app/controllers/sessions_controller.rb
+++ b/web/app/controllers/sessions_controller.rb
@@ -5,6 +5,16 @@ class SessionsController < ApplicationController
 
   def new
     @login_error = false
+    @sso = params[:sso]
+    @send_back_to = request.headers['REFERER']
+    params[:send_back_to] = @send_back_to
+
+    if current_user
+      # send them on their way
+      complete_sign_in(current_user)
+      return
+    end
+
     render :layout => "landing"
   end
 
@@ -13,6 +23,8 @@ class SessionsController < ApplicationController
 
     if user.nil?
       @login_error = true
+      @sso = params[:sso]
+      @send_back_to = params[:send_back_to]
       render 'new', :layout => "landing"
     else
 
@@ -133,16 +145,30 @@ class SessionsController < ApplicationController
     render 'oauth_complete', :layout => "landing"
   end
 
+  def redirect_after_signin(default)
+    redirect_to(params['redirect-to'].blank? ? default : params['redirect-to'])
+  end
+
+  def redirect_to_forums_after_signin
+    redirect_to("#{Rails.application.config.vanilla_login_url}?client_id=#{Rails.application.config.vanilla_client_id}&Target=#{ERB::Util.url_encode(params[:send_back_to].blank? ? '/' : params[:send_back_to])}")
+  end
+
+  def redirect_to_support_after_signin(user)
+    # generate multipass token and sign it
+    multipass = DeskMultipass.new(user)
+    callback_url = Rails.application.config.multipass_callback_url
+    redirect_to "#{callback_url}?multipass=#{multipass.token}&signature=#{multipass.signature}"
+  end
+
   def complete_sign_in(user)
     sign_in user
 
-    if !params[:sso].nil? && params[:sso] == "desk"
-      # generate multipass token and sign it
-      multipass = DeskMultipass.new(user)
-      callback_url = SampleApp::Application.config.multipass_callback_url
-      redirect_to "#{callback_url}?multipass=#{multipass.token}&signature=#{multipass.signature}"
+    if params[:sso] == "desk"
+      redirect_to_support_after_signin(user)
+    elsif params[:sso] == 'forums'
+      redirect_to_forums_after_signin
     else
-      redirect_back_or client_url
+      redirect_after_signin(client_path)
     end
   end
 
diff --git a/web/app/controllers/vanilla_forums_controller.rb b/web/app/controllers/vanilla_forums_controller.rb
new file mode 100644
index 000000000..34a26dc6f
--- /dev/null
+++ b/web/app/controllers/vanilla_forums_controller.rb
@@ -0,0 +1,63 @@
+require 'base64'
+require 'js_connect'
+
+class VanillaForumsController < ApplicationController
+
+  @@log = Logging.logger[VanillaForumsController]
+
+  # displays the embedded forum
+  # see http://vanillaforums.com/blog/jsconnect-technical-documentation-for-embedded-sso/
+  def show
+
+    user = {name: '', photourl: ''}
+    if current_user
+      user = {email: current_user.email, name: current_user.username,
+              photourl: current_user.profile_pic,
+              uniqueid: current_user.username}
+    end
+    user.merge!({client_id: Rails.application.config.vanilla_client_id})
+
+    # json encode the user
+    json = ActiveSupport::JSON.encode(user);
+    # base 64 encode the user json
+    signature_string = Base64.strict_encode64(json)
+    # Sign the signature string with current timestamp using hmac sha1
+    signature = Digest::HMAC.hexdigest(signature_string + ' ' +
+                                           Time.now.to_i.to_s, Rails.application.config.vanilla_secret, Digest::SHA1)
+    # build the final sso string
+    @vanilla_sso = "#{signature_string} #{signature} #{Time.now.to_i} hmacsha1"
+
+  end
+
+  # callback for vanilla authentication
+  # see http://vanillaforums.com/blog/jsconnect-technical-documentation
+  # ruby jsconnect client library: https://github.com/vanillaforums/jsConnectRuby
+  def authenticate
+
+    user = {}
+    if current_user
+
+      user = {'email' => current_user.email, 'name' => current_user.name,
+              'photourl' =>  current_user.resolved_photo_url,
+              'uniqueid' =>  current_user.id}
+
+      @@log.debug("user is logged in: #{user}")
+    else
+      @@log.debug("user is not logged in")
+    end
+
+
+    render :json => JsConnect::getJsConnectString(user, request,
+                                                  Rails.application.config.vanilla_client_id, Rails.application.config.vanilla_secret)
+
+  end
+
+  # only for testing; routes are conditionally based on test ENV
+  def fake_root
+    render layout: 'web'
+  end
+  # only for testing; routes are conditionally based on test ENV
+  def fake_jsconnect
+    render layout: 'web'
+  end
+end
\ No newline at end of file
diff --git a/web/app/helpers/sessions_helper.rb b/web/app/helpers/sessions_helper.rb
index 1c17dbe93..9966731a6 100644
--- a/web/app/helpers/sessions_helper.rb
+++ b/web/app/helpers/sessions_helper.rb
@@ -54,7 +54,7 @@ module SessionsHelper
 
   def sign_out
     current_user = nil
-    cookies.delete(:remember_token)
+    cookies.delete(:remember_token, domain: Rails.application.config.session_cookie_domain)
   end
 
   def redirect_back_or(default)
diff --git a/web/app/views/clients/_footer.html.erb b/web/app/views/clients/_footer.html.erb
index 805c33a68..5c4fee259 100644
--- a/web/app/views/clients/_footer.html.erb
+++ b/web/app/views/clients/_footer.html.erb
@@ -6,7 +6,7 @@
 
   <!-- footer links -->
   <div id="footer-links">
-    <%= link_to "about", corp_about_path , :rel=>"external" %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "news", corp_news_path , :rel=>"external" %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "media", corp_media_center_path , :rel=>"external" %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "contact", corp_contact_path , :rel=>"external" %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "privacy", corp_privacy_path, :rel=>"external" %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "terms of service", corp_terms_path , :rel=>"external" %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "help", corp_help_path , :rel=>"external" %>
+    <%= link_to "about", corp_about_path , :rel=>"external" %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "news", corp_news_path , :rel=>"external" %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "media", corp_media_center_path , :rel=>"external" %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "contact", corp_contact_path , :rel=>"external" %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "privacy", corp_privacy_path, :rel=>"external" %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "terms of service", corp_terms_path , :rel=>"external" %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "community forum", Rails.application.config.vanilla_url, :rel=>"external" %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "help", corp_help_path , :rel=>"external" %>
   </div>
 
   <%= render "clients/recordingManager" %>
diff --git a/web/app/views/layouts/corporate.html.erb b/web/app/views/layouts/corporate.html.erb
index b15738de9..0b973c562 100644
--- a/web/app/views/layouts/corporate.html.erb
+++ b/web/app/views/layouts/corporate.html.erb
@@ -63,7 +63,7 @@
     <div id="copyright">Copyright &copy; <%= Time.now.year %> JamKazam, Inc. All Rights Reserved</div>
 
     <!-- footer links -->
-    <div id="footer-links"><%= link_to "about", corp_about_path %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "news", corp_news_path %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "media", corp_media_center_path %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "contact", corp_contact_path %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "privacy", corp_privacy_path %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "terms of service", corp_terms_path %>&nbsp;&nbsp;|&nbsp;<%= link_to "help", corp_help_path %></div>
+    <div id="footer-links"><%= link_to "about", corp_about_path %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "news", corp_news_path %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "media", corp_media_center_path %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "contact", corp_contact_path %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "privacy", corp_privacy_path %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "terms of service", corp_terms_path %>&nbsp;&nbsp;|&nbsp;&nbsp;<%= link_to "community forum", Rails.application.config.vanilla_url, :rel=>"external" %>&nbsp;&nbsp;|&nbsp;<%= link_to "help", corp_help_path %></div>
 
     <div id="version"><%= version %></div>
   </div>
diff --git a/web/app/views/sessions/new.html.erb b/web/app/views/sessions/new.html.erb
index aa4334ee8..a59fb1cf6 100644
--- a/web/app/views/sessions/new.html.erb
+++ b/web/app/views/sessions/new.html.erb
@@ -16,8 +16,9 @@
             Enter your email address and password:
 
           <div>
-            <%= form_for(:session, url: sessions_path) do |f| %>
-                <input type="hidden" name="sso" value="<%= params[:sso] %>">
+            <%= form_for(:session, url: signin_path + (request.query_string.blank? ? '' : '?' + request.query_string)) do |f| %>
+                <input type="hidden" name="sso" value="<%= @sso %>">
+                <input type="hidden" name="send_back_to" value="<%= @send_back_to %>">
                 <fieldset name="text-input" class="<%= 'login-error' if @login_error %>">
 
                     <div class="field email">
diff --git a/web/app/views/users/_user_dropdown.html.erb b/web/app/views/users/_user_dropdown.html.erb
index 6f2b785f4..6cbb97ed0 100644
--- a/web/app/views/users/_user_dropdown.html.erb
+++ b/web/app/views/users/_user_dropdown.html.erb
@@ -31,6 +31,7 @@
       </ul>
     </li>
     <li class="download-app"><%= link_to "Download App", downloads_path, :rel => "external" %></li>
+    <li class="community-forum"><%= link_to "Community Forum", Rails.application.config.vanilla_url, :rel => "external" %></li>
     <li class="get-help"><%= link_to "Get Help", 'https://jamkazam.desk.com/', :rel => "external" %></li>
     <li class="sign-out"><%= link_to "Sign Out", signout_path, method: "delete" %></li>
 
diff --git a/web/app/views/vanilla_forums/fake_jsconnect.html.haml b/web/app/views/vanilla_forums/fake_jsconnect.html.haml
new file mode 100644
index 000000000..a5097d7ee
--- /dev/null
+++ b/web/app/views/vanilla_forums/fake_jsconnect.html.haml
@@ -0,0 +1 @@
+%h1 welcome to fake login page
\ No newline at end of file
diff --git a/web/app/views/vanilla_forums/fake_root.html.haml b/web/app/views/vanilla_forums/fake_root.html.haml
new file mode 100644
index 000000000..20d4c8531
--- /dev/null
+++ b/web/app/views/vanilla_forums/fake_root.html.haml
@@ -0,0 +1 @@
+%h1 welcome to fake vanilla forums
\ No newline at end of file
diff --git a/web/config/application.rb b/web/config/application.rb
index 4fe2f19d6..5f1e18959 100644
--- a/web/config/application.rb
+++ b/web/config/application.rb
@@ -220,5 +220,16 @@ if defined?(Bundler)
     config.allow_both_find_algos = false
 
     config.session_cookie_domain = nil
+
+    # these are production values.  we should have a test server, but would require us to set one up
+    # we do have some 'fake pages' in the vanilla_forums_controller.rb to get close
+    config.vanilla_client_id = 'www'
+    config.vanilla_secret = 'bibbitybobbityslipperyslopes'
+    config.vanilla_url = 'http://forums.jamkazam.com'
+    config.vanilla_login_url = 'http://forums.jamkazam.com/entry/jsconnect'
+
+    # we have to do this for a while until all www.jamkazam.com cookies are gone,
+    # and only .jamkazam.com cookies are around.. 2016?
+    config.middleware.insert_before "ActionDispatch::Cookies", "Middlewares::ClearDuplicatedSession"
   end
 end
diff --git a/web/config/environments/test.rb b/web/config/environments/test.rb
index d31eb7e24..696735db7 100644
--- a/web/config/environments/test.rb
+++ b/web/config/environments/test.rb
@@ -69,5 +69,10 @@ SampleApp::Application.configure do
   config.use_promos_on_homepage = false
 
   config.use_cached_session_scores = true
+
+  config.session_cookie_domain = nil
+
+  config.vanilla_url = '/forums'
+  config.vanilla_login_url = '/forums/entry/jsconnect'
 end
 
diff --git a/web/config/routes.rb b/web/config/routes.rb
index 1c665bd46..eb4d82e4b 100644
--- a/web/config/routes.rb
+++ b/web/config/routes.rb
@@ -17,7 +17,8 @@ SampleApp::Application.routes.draw do
   match '/congratulations_fan',  to: 'users#congratulations_fan'
   match '/downloads',  to: 'users#downloads'
 
-  match '/signin',  to: 'sessions#new'
+  match '/signin',  to: 'sessions#new', via: :get
+  match '/signin',  to: 'sessions#create', via: :post
   match '/signout', to: 'sessions#destroy', via: :delete
 
   # oauth
@@ -84,8 +85,16 @@ SampleApp::Application.routes.draw do
 
   if Rails.env == "test"
     match '/test_connection',  to: 'sessions#connection_state', :as => :connection_state
+
+    # vanilla forums 'fake methods'
+    match '/forums', to: 'vanilla_forums#fake_root'
+    match '/forums/entry/jsconnect', to: 'vanilla_forums#fake_jsconnect'
   end
 
+  # vanilla forums sso
+  match '/forums/sso', to: 'vanilla_forums#authenticate'
+
+
   scope '/corp' do
     # about routes
     match '/about',         to: 'corps#about',            as: 'corp_about'
diff --git a/web/lib/js_connect.rb b/web/lib/js_connect.rb
new file mode 100644
index 000000000..82909c50d
--- /dev/null
+++ b/web/lib/js_connect.rb
@@ -0,0 +1,99 @@
+# This module contains the client code for Vanilla jsConnect single sign on
+# Author:: Todd Burry (mailto:todd@vanillaforums.com)
+# Version:: 1.0b
+# Copyright:: Copyright 2008, 2009 Vanilla Forums Inc.
+# License http://www.opensource.org/licenses/gpl-2.0.php GPLv2
+
+
+module JsConnect
+
+  @@log = Logging.logger[JsConnect]
+
+  def JsConnect.error(code, message)
+    return {"error" => code, "message" => message}
+  end
+
+  def JsConnect.getJsConnectString(user, request = {}, client_id = "", secret = "", secure = true)
+    error = nil
+
+    timestamp = request["timestamp"].to_i
+    current_timestamp = JsConnect.timestamp
+
+    if secure
+      # Make sure the request coming in is signed properly
+
+      if !request['client_id']
+        error = JsConnect.error('invalid_request', 'The client_id parameter is missing.')
+      elsif request['client_id'] != client_id
+        error = JsConnect.error('invalid_client', "Unknown client #{request['client_id']}.")
+      elsif request['timestamp'].nil? and request['signature'].nil?
+        @@log.debug("no timestamp right? #{request['timestamp']}, #{request['signature']}")
+        if user and !user.empty?
+          error = {'name' => user['name'], 'photourl' => user['photourl']}
+        else
+          error = {'name' => '', 'photourl' => ''}
+        end
+      elsif request['timestamp'].nil?
+        error = JsConnect.error('invalid_request', 'The timestamp is missing or invalid.')
+      elsif !request['signature']
+        error = JsConnect.error('invalid_request', 'The signature is missing.')
+      elsif (current_timestamp - timestamp).abs > 30 * 60
+        error = JsConnect.error('invalid_request', 'The timestamp is invalid.')
+      else
+        # Make sure the timestamp's signature checks out.
+        timestamp_sig = Digest::MD5.hexdigest(timestamp.to_s + secret)
+        if timestamp_sig != request['signature']
+          error = JsConnect.error('access_denied', 'Signature invalid.')
+        end
+      end
+    end
+
+    if error
+      @@log.debug("not valid request: #{error}")
+      result = error
+    elsif user and !user.empty?
+      result = user.clone
+      @@log.debug("logging in: #{error}")
+      JsConnect.signJsConnect(result, client_id, secret, true)
+    else
+      @@log.debug("anonymous")
+      result = {"name" => "", "photourl" => ""}
+    end
+
+    json = ActiveSupport::JSON.encode(result);
+    if request["callback"]
+      return "#{request["callback"]}(#{json});"
+    else
+      return json
+    end
+  end
+
+  def JsConnect.signJsConnect(data, client_id, secret, set_data = false)
+    # Build the signature string. This is essentially a querystring representation of data, sorted by key
+    keys = data.keys.sort { |a,b| a.downcase <=> b.downcase }
+
+    sig_str = ""
+
+    keys.each do |key|
+      if sig_str.length > 0
+        sig_str += "&"
+      end
+
+      value = data[key]
+      @@log.debug("key #{key}, value #{value}")
+      sig_str += CGI.escape(key) + "=" + CGI.escape(value)
+    end
+
+    signature = Digest::MD5.hexdigest(sig_str + secret);
+
+    if set_data
+      data["clientid"] = client_id
+      data["signature"] = signature
+    end
+    return signature
+  end
+
+  def JsConnect.timestamp
+    return Time.now.to_i
+  end
+end
\ No newline at end of file
diff --git a/web/lib/middlewares/clear_duplicated_session.rb b/web/lib/middlewares/clear_duplicated_session.rb
new file mode 100644
index 000000000..b82d21c55
--- /dev/null
+++ b/web/lib/middlewares/clear_duplicated_session.rb
@@ -0,0 +1,55 @@
+# http://astashov.github.io/2011/02/26/conflict-of-session-cookies-with-different-domains-in-rails-3.html
+
+# We had to do this when we changed from www.jamkazam.com to .jamkazam.com as the cookie served out
+
+module Middlewares
+  class ClearDuplicatedSession
+
+    @@log = Logging.logger[ClearDuplicatedSession]
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      status, headers, body = @app.call(env)
+
+      if there_are_more_than_one_session_key_in_cookies?(env)
+        delete_session_cookie_for_current_domain(env, headers)
+      end
+
+      [status, headers, body]
+    end
+
+
+    private
+
+    def there_are_more_than_one_session_key_in_cookies?(env)
+      entries = 0
+      offset = 0
+      while offset = env["HTTP_COOKIE"].to_s.index(get_session_key(env), offset)
+        entries += 1
+        offset += 1
+      end
+      entries > 1
+    end
+
+
+    # Sets expiration date = 1970-01-01 to the cookie, this way browser will
+    # note the cookie is expired and will delete it
+    def delete_session_cookie_for_current_domain(env, headers)
+      @@log.debug "deleting default domain session cookie"
+      ::Rack::Utils.set_cookie_header!(
+          headers, # contains response headers
+          get_session_key(env), # gets the cookie session name, '_session_cookie' - for this example
+          { :value => '', :path => '/', :expires => Time.at(0) }
+      )
+    end
+
+
+    def get_session_key(env)
+      'remember_token'
+    end
+
+  end
+end
\ No newline at end of file
diff --git a/web/spec/controllers/sessions_controller_spec.rb b/web/spec/controllers/sessions_controller_spec.rb
index 87fe1cc7e..afaf5a473 100644
--- a/web/spec/controllers/sessions_controller_spec.rb
+++ b/web/spec/controllers/sessions_controller_spec.rb
@@ -34,11 +34,9 @@ describe SessionsController do
       post :create, :session => @attr
       response.should redirect_to(client_url)      
     end
-
   end
-  
-  describe "create_oauth" do
 
+  describe "create_oauth" do
 
     describe "twitter" do
 
diff --git a/web/spec/features/account_spec.rb b/web/spec/features/account_spec.rb
index 86b9c7713..fd83498dd 100644
--- a/web/spec/features/account_spec.rb
+++ b/web/spec/features/account_spec.rb
@@ -97,7 +97,7 @@ describe "Account", :js => true, :type => :feature, :capybara_feature => true do
         end
 
         it {
-          user.subscribe_email.should be_true
+          user.subscribe_email.should be_true # we haven't user.reload yet
           should have_selector('h1',    text: 'my account')
           should have_selector('#notification h2', text: 'Profile Changed')
           user.reload
diff --git a/web/spec/features/authentication_pages_spec.rb b/web/spec/features/authentication_pages_spec.rb
index 6f2ea1ec3..7aea9cb9d 100644
--- a/web/spec/features/authentication_pages_spec.rb
+++ b/web/spec/features/authentication_pages_spec.rb
@@ -82,20 +82,10 @@ describe "Authentication", :js => true,  :type => :feature, :capybara_feature =>
 
         describe "after signing in" do
 
-          it "should render the desired protected page" do
-            page.should have_title("JamKazam | Edit user")
-          end
-
-          describe "when signing in again" do
+          describe "when attempting to sign in again, should render the signed-in client page" do
             before do
               visit signin_path
-              fill_in "Email",    with: user.email
-              fill_in "Password", with: user.password
-              click_button "SIGN IN"
-            end
 
-            it "should render the signed-in client page" do
-              # it now goes to /music_sessions
               page.should have_title("JamKazam")
               page.should have_selector('h2', text: "musicians")
             end
diff --git a/web/spec/features/signin_spec.rb b/web/spec/features/signin_spec.rb
new file mode 100644
index 000000000..3d6dfe3c0
--- /dev/null
+++ b/web/spec/features/signin_spec.rb
@@ -0,0 +1,179 @@
+require 'spec_helper'
+
+describe "signin" do
+
+  subject { page }
+
+  let(:user) { FactoryGirl.create(:user) }
+
+  before(:each) do
+    visit signin_path
+  end
+
+  it "success" do
+    visit signin_path
+    fill_in "Email", with: user.email
+    fill_in "Password", with: user.password
+    click_button "SIGN IN"
+
+    find('.curtain', text: 'Connecting...')
+  end
+
+  it "success with redirect" do
+    visit signin_path + '?' + {'redirect-to' => '/'}.to_query
+    fill_in "Email", with: user.email
+    fill_in "Password", with: user.password
+    click_button "SIGN IN"
+
+    find('h1', text: 'Play music together over the Internet as if in the same room')
+  end
+
+  # proves that redirect-to is preserved between failure
+  it 'failure, then success with redirect' do
+
+    visit signin_path + '?' + {'redirect-to' => '/'}.to_query
+    fill_in "Email", with: user.email
+    fill_in "Password", with: 'wrong'
+    click_button "SIGN IN"
+
+    find('h1', text:'sign in or register')
+    find('.login-error')
+
+    fill_in "Email", with: user.email
+    fill_in "Password", with: user.password
+    click_button "SIGN IN"
+
+    find('h1', text: 'Play music together over the Internet as if in the same room')
+  end
+
+  it "success with forum sso" do
+    visit signin_path + '?' + {:sso => :forums}.to_query
+    fill_in "Email", with: user.email
+    fill_in "Password", with: user.password
+    click_button "SIGN IN"
+
+    find('h1', text: 'welcome to fake login page')
+
+    # should be sent to the login url
+    current_url.include? Rails.application.config.vanilla_login_url
+    # and that login url should contain a 'Target' which is a post-redirect enacted by vanilla
+    uri = URI.parse(current_url)
+    Rack::Utils.parse_nested_query(uri.query)['Target'].should == '/'
+  end
+
+  it "failure, then success with forum sso" do
+    visit signin_path + '?' + {:sso => :forums}.to_query
+
+    fill_in "Email", with: user.email
+    fill_in "Password", with: 'wrong'
+    click_button "SIGN IN"
+
+    find('h1', text:'sign in or register')
+    find('.login-error')
+
+    fill_in "Email", with: user.email
+    fill_in "Password", with: user.password
+    click_button "SIGN IN"
+
+    find('h1', text: 'welcome to fake login page')
+
+    # should be sent to the login url
+    current_url.include? Rails.application.config.vanilla_login_url
+    # and that login url should contain a 'Target' which is a post-redirect enacted by vanilla
+    uri = URI.parse(current_url)
+    Rack::Utils.parse_nested_query(uri.query)['Target'].should == '/'
+  end
+
+  it "success with forum sso w/ custom redirect" do
+    visit signin_path + '?' + {:sso => :forums, send_back_to: '/junk'}.to_query
+
+    fill_in "Email", with: user.email
+    fill_in "Password", with: user.password
+    click_button "SIGN IN"
+
+    find('h1', text: 'welcome to fake login page')
+
+    # should be sent to the login url
+    current_url.include? Rails.application.config.vanilla_login_url
+    # and that login url should contain a 'Target' which is a post-redirect enacted by vanilla
+    uri = URI.parse(current_url)
+    Rack::Utils.parse_nested_query(uri.query)['Target'].should == '/junk'
+  end
+
+  describe "already logged in" do
+
+    it "redirects back to /client" do
+      visit signin_path
+
+      fill_in "Email", with: user.email
+      fill_in "Password", with: user.password
+      click_button "SIGN IN"
+      find('.curtain', text: 'Connecting...')
+
+      visit signin_path
+
+      find('.curtain', text: 'Connecting...')
+    end
+
+    it "redirects back to forum if sso=forum" do
+      visit signin_path
+
+      fill_in "Email", with: user.email
+      fill_in "Password", with: user.password
+      click_button "SIGN IN"
+      find('.curtain', text: 'Connecting...')
+
+      visit signin_path + '?' + {:sso => :forums}.to_query
+
+      find('h1', text: 'welcome to fake login page')
+    end
+  end
+
+  describe "with javascript",  :js => true, :type => :feature, :capybara_feature => true do
+
+    # if a cookie with the default domain is found with another, delete the one with the default domain
+    it "delete duplicate session cookies" do
+
+      # this has the opposite effect of what you normally want, but still proves thath the cookie deleter is doing it's thing
+      # here's why:  by default, in our poltergeist tests are have a cookie domain of 127.0.0.1.
+      # The ClearDuplicatedSession middleware will delete the 'default' domain cookie (in this case, the one that the server is making on logon)
+      # any sort of wildcard cookie (like the one we create here, with a 'junk' value, will not be deleted, and
+      # prevent successful log in indefinitely)
+      page.driver.set_cookie(:remember_token, 'junk', domain: '.127.0.0.1')
+
+      visit signin_path
+
+      fill_in "Email", with: user.email
+      fill_in "Password", with: user.password
+      click_button "SIGN IN"
+
+      find('h1', text: 'Play music together over the Internet as if in the same room')
+    end
+
+    # if a cookie with the default domain is found with another, delete the one with the default domain
+    it "delete duplicate session cookies - verify middleware called" do
+
+      # this has the opposite effect of what you normally want, but still proves thath the cookie deleter is doing it's thing
+      # here's why:  by default, in our poltergeist tests are have a cookie domain of 127.0.0.1.
+      # The ClearDuplicatedSession middleware will delete the 'default' domain cookie (in this case, the one that the server is making on logon)
+      # any sort of wildcard cookie (like the one we create here, with a 'junk' value, will not be deleted, and
+      # prevent successful log in indefinitely)
+      page.driver.set_cookie(:remember_token, 'junk', domain: '.127.0.0.1')
+
+      delete_called = false
+      Middlewares::ClearDuplicatedSession.any_instance.stub(:delete_session_cookie_for_current_domain) do
+        delete_called = true
+      end
+
+      visit signin_path
+
+      fill_in "Email", with: user.email
+      fill_in "Password", with: user.password
+      click_button "SIGN IN"
+
+      find('h1', text: 'Play music together over the Internet as if in the same room')
+
+      delete_called.should be_true
+    end
+  end
+end
diff --git a/web/spec/features/text_message_spec.rb b/web/spec/features/text_message_spec.rb
index 77842db69..601eb7c93 100644
--- a/web/spec/features/text_message_spec.rb
+++ b/web/spec/features/text_message_spec.rb
@@ -10,17 +10,9 @@ describe "Text Message", :js => true, :type => :feature, :capybara_feature => tr
     @user1 = FactoryGirl.create(:user)
     @user2 = FactoryGirl.create(:user, first_name: 'bone_crusher')
     sign_in_poltergeist(@user1)
+
   end
 
-  describe "burn em up" do
-    in_client "one" do
-
-    end
-
-    in_client "two" do
-
-    end
-  end
   # what are all the ways to launch the dialog?
   describe "launches" do
 
@@ -82,7 +74,6 @@ describe "Text Message", :js => true, :type => :feature, :capybara_feature => tr
     end
 
     it "can load directly into chat session from url" do
-      sign_in_poltergeist(@user1)
       visit "/"
       find('h1', text: 'Play music together over the Internet as if in the same room')
       visit "/client#/home/text-message/d1=#{@user2.id}"
@@ -129,7 +120,6 @@ describe "Text Message", :js => true, :type => :feature, :capybara_feature => tr
     end
 
     it "shows error with a notify" do
-      sign_in_poltergeist(@user1)
       visit '/'
       find('h1', text: 'Play music together over the Internet as if in the same room')
       visit "/client#/home/text-message/d1=#{@user2.id}"
diff --git a/web/spec/features/twitter_auth_spec.rb b/web/spec/features/twitter_auth_spec.rb
index b9d888d8d..5c20e5076 100644
--- a/web/spec/features/twitter_auth_spec.rb
+++ b/web/spec/features/twitter_auth_spec.rb
@@ -59,6 +59,8 @@ describe "Welcome", :js => true, :type => :feature, :capybara_feature => true  d
     auth = user.user_authorization('twitter')
     auth.uid.should == '1234'
 
+    sign_out
+
     sign_in_poltergeist user2
     visit '/'
     find('h1', text: 'Play music together over the Internet as if in the same room')
diff --git a/web/spec/support/utilities.rb b/web/spec/support/utilities.rb
index b4524d7f2..4c82a0a1b 100644
--- a/web/spec/support/utilities.rb
+++ b/web/spec/support/utilities.rb
@@ -21,6 +21,8 @@ $capybara_session_mapper = {}
 # called in before (or after) test, to make sure each test run has it's own map of session names
 def reset_session_mapper
   $capybara_session_mapper.clear
+
+  Capybara.session_name = :default
 end
 
 # manages the mapped session name
@@ -68,6 +70,21 @@ def sign_in(user)
   cookie_jar[:remember_token] = user.remember_token
 end
 
+def set_cookie(k, v)
+  case Capybara.current_session.driver
+    when Capybara::Poltergeist::Driver
+      page.driver.set_cookie(k,v)
+    when Capybara::RackTest::Driver
+      headers = {}
+      Rack::Utils.set_cookie_header!(headers,k,v)
+      cookie_string = headers['Set-Cookie']
+      Capybara.current_session.driver.browser.set_cookie(cookie_string)
+    when Capybara::Selenium::Driver
+      page.driver.browser.manage.add_cookie(:name=>k, :value=>v)
+    else
+      raise "no cookie-setter implemented for driver #{Capybara.current_session.driver.class.name}"
+  end
+end
 
 def sign_in_poltergeist(user)
   visit signin_path