Under some conditions user can be logged with different account with same password.
vulners.com/securityvulns/securityvulns:doc:18791