2
you mean they're logging in in a username other than their own? so they're logged into somebody elses account?
u cud change the name of the session completely, that will make existing cookies invalid, so users will be issued a new 1 when they login..
have u any caching on the login blocks? if so, turn it off.. just a thought, u may already have thought abt that, but worth tryin..