If you let the browser manage credentials, only 1 "session" / "user" is active at a given time, unless you:

Use different orgins / domains per user. Manage the requests and session/authentication tokens yourself by manually setting headers. Use a different cookie name for each user