Sounds like you’re application is saving the users tokens in the session. You need to save access_token and access_token_secret outside of the session. First question, is the application yours and only yours, or is it released for public use?
If it’s yours and you’re simply using it on localhost put the tokens in a cookie. You could also put the tokens in your server side configuration, but a cookie allows you to delete the cookie and log in as a different user. It sounds like you’re still early in development and this may be your best bet at this point.
If it is a public application, I think you need to store the access token secrets in a server side database, and the access tokens in a cookie. There are many security issues involved with storing the access tokens, and any sort of multiuser system is beyond my pay grade.
