Arkadiusz Miskiewicz wrote: > I have a very serious security problem with 3.8 installation (3.8.6 > currently). > > Logged User sessions are being mixed up. One logged user is becoming another > logged user as seen by rt. It happens in different moments.
Are you using HTTP authentication or RT's built-in login page? If the former, it's likely a leaky apache process, squid or auth_cache problem (not RT); if the latter, then most likely a caching issue or possibly RT bug. -- Matthew Keller Information Security Officer Computing & Technology Services State University of New York @ Potsdam Potsdam, NY, USA _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
