the upstream code thinks it can do all the login work itself, just doing setuid, initgroups, etc. when instead it should have been patched to use setusercontext.
the upshot is if you define your env in ~/login_conf :setenv, when you rdp into your account, your env doesn't match what it is when you ssh in.
the temporary workaround is to use `exec env -U "$USER" i3` in xrdp's startwm.sh file instead of just `exec i3`.
*** Bug 250850 has been marked as a duplicate of this bug. ***
The right fix here, I believe, is to patch env_set_user (in sesman/env.c) to use setusercontext in place of doing retail setuid, setgid, initgroups etc. calls.
But I don't use this myself so I haven't written or tested it, I just helped the OP with the workaround via IRC.
Oh, and also note that env -U username does not work in 12.1, though it does in 12.2 and 11.4.
the workaround also only works if it's in your user home. the workaround in /usr/local/etc/xrdp/startwm.sh doesn't work.