I believe I've got a fairly complete solution ready to go.
Issue 1: Apache::Session statement handle clobbering.Inside our session handling library, Apache::Session, there's internal magic to cache database statement handles for increased performance. This is great in traditional application design, but falls over badly when, say, you have a redirect back to another page on the application and that redirect happens before the session is firmly disconnected. In RT 3.6, we mainstreamed an RT change which automatically redirects you to a ticket page after a create, reply or comment. We've changed RT's behaviour to more agressively clear its database connection, clear it before issuing the redirect header and do a couple other small things that should help
Issue 2: Host canonicalization.RT 3.6 uses absolute URLs for redirects. as well as in a couple other places. As of 3.6.0, we're redirecting to your "canonical" RT hostname. RT cookies are tied to a hostname. If you can get to RT as http://foo.company.com and http://foo, this would also cause a new authentication request.
Both of these issues are fixed in the current Subversion tree, which will be released as RT 3.6.1pre1 later tonight. (Or tomorrow if I don't make it through before my flight).
Best, Jesse
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html