We had a similar issue with a service that was behind a load balancer. I Benito@Unicon helped to identify the issue. The IP address of the client is used in the generation of the session ID. Once our service went to producion the volume of requests was great and the pool of IDs was limited by the narrowed pool. So randomly, two users would use one session.
I don't know if that is the problem here, but, it is a great cautionary tale of not... -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/58f150cf-73a3-475f-9a85-ea9b5724f8ca%40apereo.org.