Can you create a reproducible test case where 2 separate browsers can get the same fingerprint?
Is your example that you reproduce locally on the same browser session?
To actionhero, I think that would share the fingerprint. Perhaps you can clear the __browserFingerprint cookie when a user logs out (or when you navigate to the login screen)? That should regenerate on the server side.
Will keep following this thread, it's an interesting one! Keep us posted what you find out : )