[OPEN-ILS-DEV] Duplicate authtokens
Bill Ott
bott at grpl.org
Wed Feb 8 12:30:23 EST 2017
I'm not sure if this is a bug, as I haven't totally wrapped my mind
around it, but we've had some bizarre behavior that I wanted to put on
the radar.

Ever since we upgraded to 2.11 in Dec., we've had occasional situations
where our automated book drops would start reporting the wrong OU on
checkin. The WS name would be correct, but not the OU. A restart of
the book drop service would correct it. I hadn't reported it because I
thought it may have something to do with our custom services.

Today I found the smoking gun in the logs. Drops restart every morning
at 06:00. They are using the same user, but different WS values. The
logs showed 4 drops all with the same authtoken. When retrieving the
ws_ou by authtoken, you'd get the OU based on the first WS value.

I'm not sure if this is something with the new auth code, and we can't
reproduce it manually, but it seems that there's something about
requesting multiple logins using the same user at the same moment that
causes authtokens to be reused, even though the WS is different.

We've now created new distinct users for each drop and I suspect that
will prevent us from seeing this, but it seemed worth mentioning.
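
A log check for the symptom described above, added here as an example and not part of the original post or of Evergreen's code: it flags any authtoken that appears with more than one workstation. The `key=value` log layout, the workstation names and the token values are constructed for the example and are assumptions, not Evergreen's real log format.

```python
import re
from collections import defaultdict

# Constructed sample lines. The layout is an assumption for this example,
# not Evergreen's actual log format; adapt LINE_RE to the real logs.
SAMPLE_LOG = """\
2017-02-08 06:00:01 login user=bookdrop ws=BR1-DROP authtoken=aaaa1111
2017-02-08 06:00:01 login user=bookdrop ws=BR2-DROP authtoken=aaaa1111
2017-02-08 06:00:01 login user=bookdrop ws=BR3-DROP authtoken=aaaa1111
2017-02-08 06:00:02 login user=bookdrop ws=BR4-DROP authtoken=aaaa1111
this line is unrelated noise and must be skipped
2017-02-08 08:15:40 login user=circ1 ws=BR1-CIRC authtoken=bbbb2222
2017-02-08 08:16:02 login user=circ2 ws=BR2-CIRC authtoken=cccc3333
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) login user=(?P<user>\S+) "
    r"ws=(?P<ws>\S+) authtoken=(?P<token>\S+)$"
)

def find_shared_tokens(log_text):
    """Return the authtokens that were seen with more than one workstation.

    Workstations are kept in first-seen order, because per the report a
    lookup by authtoken resolves to the OU of the first WS value.
    """
    seen = defaultdict(lambda: {"users": set(), "workstations": [], "first_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a login record in the assumed layout
        entry = seen[m["token"]]
        entry["users"].add(m["user"])
        if m["ws"] not in entry["workstations"]:
            entry["workstations"].append(m["ws"])
        if entry["first_seen"] is None:
            entry["first_seen"] = m["ts"]
    return {t: e for t, e in seen.items() if len(e["workstations"]) > 1}

if __name__ == "__main__":
    for token, info in find_shared_tokens(SAMPLE_LOG).items():
        # Authtokens are session credentials: report only a short prefix.
        print(f"token {token[:4]}... first seen {info['first_seen']}, "
              f"users={sorted(info['users'])}, shared by {info['workstations']}; "
              f"lookups resolve to {info['workstations'][0]}")
```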