Because the identity component is session scoped, this doesn't seem to be possible - e.g. I open multiple tabs on a single browser, where each tab represents a different user logging into my application. How can I make this work to support multiple users (other than rewriting the identity component)? If this doesn't work for the identity component, does it make sense for me to make a request to support this?
I guess if you disabled cookies then you would get the kind of behaviour that you described, however this issue is more to do with session management than security, and we would not make any changes to the security API to support this kind of thing.