I'm logging in users via REST in my .NET application. For that, in the web browser control constructor, I do the following:

    string server = "https://login.salesforce.com/";
    var authURI = new StringBuilder();
    authURI.Append(server + "services/oauth2/authorize?");
    authURI.Append("response_type=code");
    authURI.Append("&client_id=" + clientID);
    authURI.Append("&redirect_uri=" + redirectURL);
    webBrowser1.Navigate(authURI.ToString());

This works fine: the user is presented with the standard SFDC login screen, he/she logs in, I do all the flow to get the security token, and the user is able to work with SFDC.
Interesting stuff happens after the user logs out and tries to log in again (e.g. under a different name). At this point, the security token (sessionId) has been revoked (I checked). He/she clicks the login button, the code above runs again, but instead of showing the SFDC login UI again, Salesforce just logs the user in automatically and redirects to the redirect URI, kicking off the login flow. Thus the user has no way to log in under different credentials... I was sure it was because of some cookie SFDC leaves behind, but after deleting all the cookies the user still gets logged in automatically... I also do this.Close(); this.Dispose(); on the WebBrowser control after logging in, so the next time it's instantiated, it's a brand new control...