[horde] Identity mixup

[Brandon Macdonald]

I have recently encountered a somewhat troubling issue with Horde and
Imp.  It seems two of my users have on several occasions logged in to
find the identity listed for them is actually the other persons
identity.  For example when Bob logged in to domain.com's imp he got a
"Welcome Frank at domain.com" and Frank recieved a similarly backwards
"Welcome Bob at domain.com".  Frank, at one time, even got "Welcome
frank at domain.combob@domain.com" or something similar.  Sound strange? 
It gets better.

As one would expect not just the welcome message was mixed up.  Indeed
Frank had all of Bob's identities.  This became a serious issue when
Frank sent an e-mail, the from address was Bob at domain.com and suddenly
Bob was reading Frank's private correspondence - not good!

Some quick background details:
php 4.2.3 (with that segfault bug fix patch installed)
horde 2.1-3
imp 3.1-2
turba 1.1-2
postgresql 7.2.1-5

I took a look at the database directly and confirmed that Bob's
identities were listed under Frank's uid in the pref_uid field of
horde_prefs.  I can't say for sure what other prefs might have also been
transposed because it is only the identities that stand out as obviously
wrong.

** An aside - possibly relevant - Frank's uid is actually
frank at domain.com@domain.com because he logs in with a fully qualified
username and the realm is being added to his uid.  Am I missing
something or is there a way to selectively add the realm only in cases
where they haven't qualified the domain in their login? **

I'm fairly certain there are only 3 users right now who regularly use
the webmail - myself, Frank and Bob.  I have never seen any problem like
this with my account.

So, the million dollar question:  How is this happening and more
importantly how can I prevent it from happening again?   Has anyone else
seen anything like this?

Thanks in advance for your time and I hope you can help me out!

Brandon