We’ve been finding some issues regarding internal authentication.
At one time I logged in with the browser-saved credentials and ended up being logged in with another user, whose credentials I did not know, were not saved, or have ever been used on this browser or machine. I could see that users name and all the information was pertaining to him. Logging out and logging back in would not replicate the issue again, this time I would log in with my own user.
Also related to this issue - We have a Bot to automate some tasks that replies/comments on our tickets dozens of times a day. We see that sometimes the Bot seems to authenticate as another internal user, as we will see its standard reply coming from another person.
We are using standard authentication, no integration with any tool.
Version 5.0.1 (has been happening on previous versions as well)
Standard authentication returns a cookie after successful login, well, in my experience it does. Is it possible the other user’s cookie was also in the same browser you used for accessing RT? If not, it would point towards a problem in session cookie mgmt within RT5, a possible collision of cookie values or the like.
Apache’s mod_speling is known to cause problems with CSS loading.
Apache’s mod_cache is now to cause problems with ‘bouncing/musical sessions’.
See the ‘web_deployment’ pod document in the documents directory.
Disabling mod_cache should fix the wandering credentials.
If you’re using the event mpm, that will definitely cause problems. I don’t know if it can account for the session question, but it can cause failed requests and other types of errors. For RT with Apache, you need to run the prefork MPM. There is a note here: