diff --git a/pages/api/auth/[...nextauth].js b/pages/api/auth/[...nextauth].js
index 2d1160ab..f2dcfde3 100644
--- a/pages/api/auth/[...nextauth].js
+++ b/pages/api/auth/[...nextauth].js
@@ -91,15 +91,14 @@ function getCallbacks (req, res) {
         token.sub = Number(token.id)
       }
 
-      // response is only defined during signup/login
+      // this only runs during a signup/login because response is only defined during signup/login
+      // and will add the multi_auth cookies for the user we just logged in as
       if (req && res) {
         req = new NodeNextRequest(req)
         res = new NodeNextResponse(res)
         const secret = process.env.NEXTAUTH_SECRET
         const jwt = await encodeJWT({ token, secret })
         const me = await prisma.user.findUnique({ where: { id: token.id } })
-        // we set multi_auth cookies on login/signup with only one user so the rest of the code doesn't
-        // have to consider the case where they aren't set yet because account switching wasn't used yet
         setMultiAuthCookies(req, res, { ...me, jwt })
       }
 
@@ -165,13 +164,15 @@ async function pubkeyAuth (credentials, req, res, pubkeyColumnName) {
       // does the pubkey already exist in our db?
       let user = await prisma.user.findUnique({ where: { [pubkeyColumnName]: pubkey } })
 
-      // get token if it exists
+      // make following code aware of cookie pointer for account switching
       req = multiAuthMiddleware(req)
+      // token will be undefined if we're not logged in at all or if we switched to anon
       const token = await getToken({ req })
       if (!user) {
         // we have not seen this pubkey before
 
-        // only update our pubkey if we're not currently trying to add a new account
+        // only update our pubkey if we're logged in (token exists)
+        // and we're not currently trying to add a new account
         if (token?.id && !multiAuth) {
           user = await prisma.user.update({ where: { id: token.id }, data: { [pubkeyColumnName]: pubkey } })
         } else {
@@ -180,17 +181,6 @@ async function pubkeyAuth (credentials, req, res, pubkeyColumnName) {
         }
       }
 
-      if (token && token?.id !== user.id && multiAuth) {
-        // we're logged in as a different user than the one we're authenticating as
-        // and we want to add a new account. this means we want to add this account
-        // to our list of accounts for switching between so we issue a new JWT and
-        // update the cookies for multi-authentication.
-        const secret = process.env.NEXTAUTH_SECRET
-        const userJWT = await encodeJWT({ token: { id: user.id, name: user.name, email: user.email }, secret })
-        setMultiAuthCookies(req, res, { ...user, jwt: userJWT })
-        return token
-      }
-
       return user
     }
   } catch (error) {