Roundup Tracker - Issues

Message1201

Author: anonymous
Date: 2004-05-04.08:08:41

This is a MAJOR security hole.

If one user A logs into Roundup and is in the process of 
creating an issue but has not yet hit "submit" and 
meanwhile another user B happens to log in, then user A's 
issue is created as if he was B -- in general, A's entire 
session becomes as if his identity became B, including for 
example, the "Hello, A" text miraculously turning into 
"Hello, B".

And when multiple users are trying to use the tracker 
simultaneously, complete chaos results, as it did when I 
was trying to tutor 8 people simultaneously to use the 
tracker.

To reproduce, visit www.hotchips.org:8088/coolchips
and repeat the steps described above, with A = 
suds/suds and B = admin/admin or vice-versa.

Please contact me at suds@sudhakar.net if needed.

History
Date                 User   Action  Args
2009-02-03 14:20:41  admin  link    issue947531 messages
2009-02-03 14:20:41  admin  create