jstests/multiVersion/libs/multi_rs.js has two distinct issues around authentication:

1. ReplSetTest.prototype.reconnect() replaces the connection in the nodes array with a new connection. Any non-function properties on the original connection object are copied over to the new connection object. This includes the '_defaultSession' property which is a DriverSession object bound to the original connection object and leads to commands being sent through the original connection object despite methods being called on DB objects from the new connection object.
2. ReplSetTest.prototype.upgradePrimary() calls waitForState() which internally uses asCluster() on the current primary or first node in the replica set and will run the logout command. This has been addressed on more recent branches via SERVER-53812 by having asCluster() not call authutil.asCluster() when the connection is already authenticated.