Authenticated into Confluence as wrong user

[Jim Stoll]

For those CAS-ifying Confluence via the JASIG CAS client for Java 3.1 
(as per instructions here: 
http://www.ja-sig.org/wiki/display/CASC/Configuring+Confluence+with+JASIG+CAS+Client+for+Java+3.1), 
has anyone ever experienced the situation where users get into 
Confluence as the wrong user?

The basic scenario is:
1. User makes initial request to https://wiki.our.site/dashboard.action, 
and is taken to our 'public' wiki page (ie, unauthenticated users can 
see the initial dashboard page)
2. User clicks the 'Log In' link from the Confluence dashboard page
3. User is redirected to the CAS login page
4. User enters their own username and password and logs in through CAS
5. User is taken into Confluence as another user entirely (ie, the 
Dashboard shows the wrong user name, and the user is in another user's 
permission scheme - can see content they shouldn't see, and can't see 
content they should see)

I am currently unable to reproduce the problem at will, but we have had 
two users experience this in the past week (that we're aware of, I 
suspect there have probably been other occurrences we're not aware of, 
though I have yet to find a way to identify this type of situation in 
the logs). In the two cases I'm aware of, the 'wrong' user that the 
person was authenticated into Confluence as, had never previously been 
on the client machine that experienced the problem. (just FYI). We have 
other applications that are CAS-ified (mixture of PHP and Java clients), 
and we haven't yet seen this behavior on those.

I'd appreciate any help, insight or advice, as this is a pretty serious 
situation for us.

Thanks!

Jim