Environment:
Server: centos 7.2, httpd 2.4.6, mod_fcgid 2.3.9, php 5.4.16, mariadb 5.5.44.
Client: Windows 7 x64 Ultimate SP1 german with all deliverd patches applied, Browser Chrome 47.0.2526.106 m (64-bit)

I did a clean install using a sitename\vhost alias which did not exist before, using a fresh created database with a database name never used before, as database user root with the following line:

create database j348 character set 'utf8' collate 'utf8_general_ci';

Super administrator name is admin, database table prefix is jos_. In finilisation state i installed the "Test English (GB) Sample Data". After installation finished, i deleted the installation folder in the website root directory. I did not change any configuration option, so caching or whatsoever was not touched. I tested that the website frontend is showing up by opening the home page of that site in the browser, which showed the expected sample content.

I've did this to ensure that in no case anyone else created a session or logged in into this site before. So solving this issue by clearing caches, by logging out and in again as admin or clearing the session table in the database is impossible.

After this installation, without having done any other action in the backend, I'm doing the following steps to reproduce the issue:

1. Login in the backend using the user admin
2. Go to the content article list
3. Click on the title of the first article "Popular Tags" -> Article is opening in edit view
4. In the article edit view click on the button titled "Save & Close" -> The view changes to the article table view
5. Click again on the same article title named "Popular Tags"

After step five I'm getting the error message:

Error
You are not permitted to use that link to directly access that page (#72).

If I try again to click on the article, no error message is displayed. The article list view of com_content is simply refreshed.

Some additional notes:

a) We are not using php directly as cgi binary or via mod_php, We are using mod_fcgid, which caused no problems so far
b) We are observing this issue since update 3.4.6
c) The issue does not occur if (instead of clicking the article title to open the article edit view) I'm checking the checkbox left to the article in the article list and then open the article editor view by clicking on the "Edit" button.
d) If I click on the title of another article, this article does open in edit mode for the first time, but after finishing editing it does also show the bug for subsequent clicks on the title as described in steps 1 to 5. So the session somehow saves the defective state of the articles
e) After logging out and logging in again in the backend, the defective state is lost and I'm able to run again through steps 1 to 5 to reproduce the issue again.
f) There are no errors in the webserver logs and no core dumps.
g) I know there were/are similar issues which have to do with sessions not being deleted after updates, but this is a clean/fresh install with no history and minimal user actions as possible to avoid other effects.

I'll be glad to help reproducing the issue by testing patches/updates.

Regards
Dietrich