Laravel 8 users strangely logged in as other users
Stack: Laravel 8, PHP 8.0.12. Session lifetime in .env was 25 days; now we have reduced it to 2 hours. Sessions are stored in Redis. We have a balancer and 2 backend nodes.
Things got really messy, so please read the whole explanation below thoroughly.
About 2 months ago we faced a strange problem with the Intercom messenger (intercom.com). Both unauthorized and authorized users sometimes (1 case per 300-500 conversations) started to see chats of other users (all conversations with messages of clients and support. This disaster may lead to leakage of some confidential info!). We thought that this was an Intercom bug because we couldn't find a way to replicate it: sessions, IP addresses, emails, tokens, none of these overlap.
We tried to solve this issue with Intercom support. They said that it's not their bug, but for the next 2 weeks this strange behavior stopped. 3 days ago it started again (3-5 cases per day).
This morning things went down even further: one of our users (let's imagine he has email [email protected]) texted our support team (in Intercom he was identified correctly as [email protected]), but the scary part is that he was logged into the Personal Area (on our site) of another user (let it be [email protected]) and attached proofs. This situation moved us to thinking that we have leaks or collisions in sessions that explain both bugs.
And we have no idea how this can be.
Has anyone heard of anything like this?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
