In reproducible situations php global SERVER_PORT includes an unreliable value when apache got configured with the UseCanonicalName directive.
This leads to problems when an clients logs in and clicks on the attach file icon which opens the media manager.
The login is done with an value of port 8080 while the media manager is called with port 80. The secured authentication token is not more recognized and the user got no access. This behavior can be caused with all browsers but is browser specific.
An possible solution would be to rely on other information to generate the hashed cookie name.
Maybe this bug has something todo with FS#2254