Issues with authentication

Hello,

We’ve been finding some issues regarding internal authentication.
At one time I logged in with the browser-saved credentials and ended up being logged in with another user, whose credentials I did not know, were not saved, or have ever been used on this browser or machine. I could see that users name and all the information was pertaining to him. Logging out and logging back in would not replicate the issue again, this time I would log in with my own user.

Also related to this issue - We have a Bot to automate some tasks that replies/comments on our tickets dozens of times a day. We see that sometimes the Bot seems to authenticate as another internal user, as we will see its standard reply coming from another person.

We are using standard authentication, no integration with any tool.
Version 5.0.1 (has been happening on previous versions as well)

Any help figuring this out would be appreciated.

Standard authentication returns a cookie after successful login, well, in my experience it does. Is it possible the other user’s cookie was also in the same browser you used for accessing RT? If not, it would point towards a problem in session cookie mgmt within RT5, a possible collision of cookie values or the like.

Apache’s mod_speling is known to cause problems with CSS loading.
Apache’s mod_cache is now to cause problems with ‘bouncing/musical sessions’.
See the ‘web_deployment’ pod document in the documents directory.

Disabling mod_cache should fix the wandering credentials.

Jeff

HI,

Thanks you for the quick reply!
We’ve disabled mod_cache and we’ll see the following days if the issue has been resolved.

Hello,

We disabled mod_cache, however the bot once again replied using another internal account.
Anything else we can try?