We think we've got to the bottom of this. AOL uses a system of proxy servers to serve pages. These are useful devices that "cache" pages and lighten the load on the internet. It means for example that if 10 people ask for www.mumsnet.com, AOL asks us for it once and then gives it to the 10 people.
The problem is our talk pages are in a sense "private" - they may have your login details in them, they might be your watched threads etc, and we don't want AOL to cache them and share them about the place. So we set a "don't cache" header in our responses when AOL requests a page.
The way we've always done this in the past is to set a header to say effectively "this page is always out of date - always ask for a new one, don't cache it". Caches will just pass the response page back and never store it.
We think what happened in this case is that the same AOL proxy server saw two requests for the same page at the same time (from JV and ML), but just requested one response and gave it to both people. As the response included JV's "token" that said she'd logged in, both people were from then on effectively logged in as JV. In one sense it didn't strictly "cache" the page so was obeying the letter of the instruction, but it did do something unexpected by giving a "volatile" page to two people. I've never seen that happen before.
In any case, to prevent it happening again, we've added an extra header to the pages. This says "Cache-control: private" - which means "never store this page in any shared cache whatsoever". We hope that will stop AOL from ever giving the same response to two people even if they ask for the same page at exactly the same time.