Caching
Clearly the sysadmins know that. Are the developers aware of session management?
The Rugby World Cup has hit a security snag just over a week before the eagerly awaited tournament kicks off in New Zealand. Media partners logging into the dedicated media centre system were confronted with the profiles of other journalists instead. Sysadmins are trying to get to the bottom of the problem, in the meantime …
I've had that at a company where I had worked for a week for evaluation purposes.
They had a shop-in-shop system and some shop administrators would get logged in into the wrong shop backend. Turned out the login function just compares user and password hash, not the actual shop id. So the first match was used, which was not always the correct one. Especially with the shops the company administrated since those all had the same user/pass.
They never offered me a job so it hasn't been fixed and there is no one at the company even capable of understanding the problem, never mind fixing it. I left a note for a hot-fix (never ever use the same username for two shops) but I doubt anyone there can even understand that.