What are the chances of this happening..wow

eandrex
Znuny expert
Posts: 213
Joined: 04 Nov 2012, 23:58
Znuny Version: OTRS 4.x
Real Name: Esteban
Company: NORTON DE COLOMBIA

Post by eandrex »

A brief intro:

In a customer company there are a few systems and of course OTRS. The company's users always log in to these systems (they never log in directly to OTRS), so a requirement was "if a user logs in to system X, don't make him log in again in OTRS". To solve it, I make use of OTRS Webservices (I call them from these systems and redirect the user directly to customer.pl?CustomerSessionName=SessionID). I hope that is clear :lol:

So a first user was in System 1 and clicked the OTRS link to create a ticket.
This is the log for that user:
Image
But apparently there was another user clicking the OTRS link from System 2,
and this is the log in the webservice:
Image
Did you notice it already?
Yes! OTRS created the same SessionID for these users!

And guess what, the first user ended up with the info of user 2, so when he created the ticket, the ticket was registered to user 2... and of course they blamed me :lol:

Note that both incoming requests have the same date, but there is a 1 second delay in the response for the second user.

Checking the OTRS source code, I saw that the CreateSessionID method is based on MainObject::GenerateRandomString (https://github.com/OTRS/otrs/blob/rel-3 ... n.pm#L1014).
I took a look to see if it was based on unixtime or something, but nope, that was not the case. So yeah, what are the chances of this happening?

Anyway, I'll try to override CreateSessionID to append the CustomerUserLogin so I can prevent that in the future :lol:

Any thoughts?
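On the question of the odds, an added example (not part of the original post and not OTRS code; written in Python rather than OTRS's Perl): it computes the birthday bound for uniformly random IDs, shows that two workers starting from the same PRNG state emit the same ID, and has the store refuse an ID that is already in use. The 32-character, 62-symbol ID format, the shared-state scenario and the `SessionStore` class are assumptions for illustration; the post does not establish the cause of the collision.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumed format)
ID_LENGTH = 32                                   # assumed session ID length

def collision_probability(n_ids, alphabet_size=len(ALPHABET), length=ID_LENGTH):
    """Birthday bound: chance that any two of n_ids uniform random IDs match."""
    space = alphabet_size ** length
    # 1 - exp(-n(n-1)/(2N)); expm1 keeps precision for tiny probabilities
    return -math.expm1(-n_ids * (n_ids - 1) / (2 * space))

def weak_id(rng):
    """ID drawn from a non-cryptographic PRNG whose state may be duplicated."""
    return "".join(rng.choice(ALPHABET) for _ in range(ID_LENGTH))

def strong_id():
    """ID drawn from the OS CSPRNG, independent across processes."""
    return "".join(secrets.choice(ALPHABET) for _ in range(ID_LENGTH))

def simulate_shared_state(seed=1234):
    """Two workers starting from the same PRNG state (constructed seed)."""
    worker_a, worker_b = random.Random(seed), random.Random(seed)
    return weak_id(worker_a), weak_id(worker_b)

class SessionStore:
    """Hypothetical store that never binds one session ID to two logins."""

    def __init__(self):
        self._sessions = {}

    def create(self, login, make_id=strong_id, retries=5):
        for _ in range(retries):
            sid = make_id()
            # In a shared backend this must be an atomic unique insert.
            if sid not in self._sessions:
                self._sessions[sid] = login
                return sid
        raise RuntimeError("could not allocate a unique session ID")

    def owner(self, sid):
        return self._sessions.get(sid)

if __name__ == "__main__":
    print("P(collision among 1e6 uniform IDs):", collision_probability(10**6))
    print("shared-state workers:", simulate_shared_state())
```

Appending the login to the ID, as proposed in the post, keeps two users' IDs distinct but leaves the random part exactly as predictable or repeatable as it was.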