This is a reply to comment:21:ticket:8545:
The #10826 is a proof that while implemented solution in #8545 might fix some problems it is still a hack.
A good fix will require documenting authentication process properly, covering two user stories.
1. How does Trac detects authenticated users internally?
2. How different components authenticate users at the same time?
The next step is decouple REMOTE_USER (external auth) from Trac Auth plugins (internal auth) and provide internal auth API that will solve the following problems:
1. check if user is already authenticated
2. authenticate user
3. audit authentication process
4. skip authentication if 1. is true