We see this problem in the new milestone release of Confluence which is using seraph-34.
I can't say with certainty what the problem is because I've not had time to investigate too far, but I think it might be related to the changeset -
http://svn.atlassian.com/fisheye/changelog/public/atlassian/seraph?cs=14612
The steps to reproduce in Confluence (2.8-m5) -
1) log in and set the cookie (remember me)
2) logout
3) follow the presented link to login again (login.action)
4) You will be told you are already authenticated and don't need to login again.
I checked the cookies and they are being cleared by the logout, so the problem could be that information is being retained in the Session?