Summary of this one: if you sign out / in on another tab, you can get this on your original tab because the iframe can only see your ArcGIS cookie....and you can only have one of those (it'll always be the latest login you had). When you're seeing this, I suspect you've changed auth in another tab of your browser.
More details: Hub holds onto your auth a different way that can remember a login-per-tab but this way is inaccessible to iframes due to how browsers work. The reason we juggle auth and use the cookie from iframes we have customers 1) iframe private content in 2) in private sites that are 3) running on different domains from arcgis.com (phew). It's sub optimal and we have a longer term solution in mind but that involves passing auth from the parent app to the child app in the iframe through a well known way--which means every app needs to have a bit of extra magic to make it work without using this bridge / cookie solution.
I'm sorry you're having this issue and know that we take it seriously but we don't want to take away custom domain support from our users and we want people allow people to share their sites privately with private embedded content. Right now (for the time being) we're dependent on the cookie for iframes where the rest of the app can support multiple logins.
