A small number of users that access our application from a single location (but
on different workstations) experience constant problems with session-confusion.
No other users can replicate this problem but for the 3 users at this
particular site, it's a constant problem. Here's the scenario:

1) User A logs in. We authenticate him against the database and he completes
his transactions and logs off (a <CFLOGOUT> is issued).
2) User B logs in from a different workstation (but from the same subnet at
the same location). After he presents his login credentials and is
authenticated he is connected as User A, instead of as User B. We know his
state was "not logged in" before he entered his credentials because he was
redirected to the login page. We know he is logged in as User A after he logs
in because we display this on the menu page.

As I mentioned -- this only happens for 3 users that log in from the same
location. Our 27 (or so) other users have tested for weeks and cannot replicate
the problem. Alll their sessions work perfectly.

Yesterday, I added some code to set a cookie on each browser at login time so
I could keep track of what was going on, i.e., so I could compare the username
set in the cookie at login with the getauthuser() value after login. My
thought was that I'd be able to catch a hijacked session and see a mismatch
between the cookie and the getauthuser(). No luck ... after User B presents
his User B login credentials, the page tells him that both his cookie value and
getauthuser value are those of User A. I guess there's some proxy server
caching the cookies rather than letting them get to the browser??

Am open to any suggestions ... I'm baffled, and a little out of my league on
this problem. I can sling code, but I'm not a packet-rat. Thanks in advance
to any takers!

Ever seen this before? Any idea what could be happening??:confused;