Different clients receive the message when connecting to the webapp, before entering credentials: "session has been resumed"
At the bottom of the webconsole he saw the user ID of a colleague not his own and also https://localhost instead of the IP of the oneclick server.
We confirmed that the other user had been kicked out with "same session was started in another window" message.
This is a security issue which is very serious for the customer.
Release : 20.2
OC webapp clients that connect via a load balancer.