when you set site= in ActiveResource::Base, it parses out the password and username out of that and sets it internally. so when we clear the session here, we should also clear those flags, otherwise you end up with unexpected authentication headers down the line

lib/shopify_api/resources/base.rb

@@ -58,6 +58,8 @@ module ShopifyAPI
 
       def clear_session
         self.site = nil
+        self.password = nil
+        self.user = nil
         self.headers.delete('X-Shopify-Access-Token')
       end