The current username is embedded in __VIEWSTATE when the Page is rendered to the browser. When a postback occurs, the anti-XSRF logic checks that the current username matches what is embedded in the submitted __VIEWSTATE. So it is expected that changing the logged-in user in the middle of a workflow (with postbacks) will result in errors. This error should not occur if the user is simply navigating around the site.
If you check the server logs, you'll see that the users were indeed performing postbacks to the pages where failures occurred. The XSRF logic is already conditioned on an "if (IsPostBack)" check. You can verify this for yourself by looking at the Site.master codebehind file.