Are you passing any parameters to the /oauth/authorize redirect? Can you provide a URL where I can reproduce 
the issue?

Sure. You can try it out for example at: http://itunes-for-bay-kids.tivix.com/ (make sure you're already 
logged in with a account), then click "login with twitter" at the top, and login with another account. When you 
return back to the site, you would see login details with the account you were already logged in with.

Its not a bug with my code (afaik) since I've tried on my dev box, and sessions are in-memory, have killed 
memcache etc. You'll notice the bug even when you try the app for the first time (I obviously log in/out all 
day!).

Request looks like:

http://twitter.com/oauth/authorize?
oauth_nonce=87111693&oauth_timestamp=1246396578&oauth_consumer_key=MoGEVU51QjDtcrix4vzCA&
oauth_signature_method=HMAC-
SHA1&oauth_version=1.0&oauth_token=ToNvfrx6NjBsVqYsyvvlJyR3w8yJ8bJFUZkWFWs14&oauth_signature=S8
2symjohq05dlKiI8nRfDcT1%2BQ%3D

I went through the flow from http://itunes-for-bay-kids.tivix.com/ and there are a few things:

1. The URL you redirect the user to should only have the oauth_token parameter.
  - The others (and signature) are needed for server-to-server communication, but not for the redirect.
2. You're redirecting to /oauth/authorize … this will display the Approve/Deny page every time.
  - If you redirect to /oauth/authenticate it will automatically direct people back to your site if they are logged 
in to twitter.com and have approved you application.

It still should not be prompting for the username/password. Please correct the issues above and let's see if 
it's still happening. I'll keep the issue open.

Making these changes resolved the problem.

I still feel that if the application redirects to /oauth/authorize and user enters *a* username/password, that 
should be respected, over automagically logging them in with the account they are already logged in with.

Thanks for the help! (also might wanna add the /authenticate/ url to the twitter.com/oauth/ app details page)

I still need to find out what's causing the problem … adding parameters should not do that. Getting this 
feedback was mostly to help figure out the root cause and help me judge the severity of the issue. Still working 
from my previous comment: "It still should not be prompting for the username/password"

Cool. It wasn't earlier... started happening last 5-10 days I think (no code change on my end).

Hope that helps.

I think I found the root cause of the problem. Working on a fix now.

Fix completed and awaiting review/deploy.

Very cool. You guys are  very responsive... am impressed! Thanks and have a good weekend!

Fix deployed.