When you use the api.access.deny() method, it will deny users from logging in, but their session will remain intact. So, in subsequent login attempts, the user will continuously be sent to the error page (http://localhost:3000/api/auth/callback?error=access_denied&error_description=access%20denied.&state=eyJyZXR1cm5UbyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMCJ9) until the user logs out.
That said, you will need to log the user out whenever they have been denied access to kill the session. This way, they can try logging in again with another user. To do so, please redirect your users to the /v2/logout endpoint.
See this knowledge solution as a reference.
Thanks,
Rueben