Possible bug in ExternalAuth/Fallback

I just set up RT 3.0.6. I have:

Set($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , 1);

If I understand correctly, this means that if
$ENV{REMOTE_USER} is set and corresponds to a known
RT user, assume that user is authenticated. But if not,
fall back to using Internal Auth.

My webserver is set so that https:// urls will
properly set $ENV{REMOTE_USER} but http:// will not.

The problem:
External Auth works fine.

But Fallback does not.  RT _does_ correctly fall back
and offer me the login screen.  And I can log in
using Internal Auth.  But I have to re-login
EVERY CLICK!  Somehow the internal session is
destroyed, I login and get a new session, and the
url keeps track of what action is needed.

Bob Goldstein

This is a bug, has been reported, and there’s a fix – see ticket 3674
in the rt3 queue:

http://rt3.fsck.com/Ticket/Display.html?id=3674

Read the last couple of history entries for the best version of the patch.

-- Larry