I noticed the following oddities with the variable $_SESSION['CiviCRM']['userID'] which, correct me if I'm wrong, should always represent the contact ID of the current user.
1) It was reported here (http://drupal.org/node/1341614) that the value does not get updated when switching users
2) When following a hashed link to a contribution page (and, I suspect, other profile-based pages) the form will be auto-filled based on the cid in the url and the contribution will be attributed to that contact, even if the user is logged-in as someone else. This strikes me as the correct behavior, certainly it's exactly what I wanted it to do during our recent fundraiser where a volunteer (logged in as himself), would be accepting credit card donations over the phone. I accomplished this by generating a hashed link to our public contribution page and the volunteer would follow that link and be brought to the credit card donation page pre-filled for the donor he was talking to.
This all worked perfectly except for one glitch. The volunteer would then find himself identified to Civi as the donor he had just talked to, because his $_SESSION variable had been updated to her contact id.
Is this something that can/should get fixed?