The traditional way of handling the session will not work for multiple users on the same browser.
To keep it simple, you can work with JWT, where you don't start a session and the tokens handle all the authorization.
So once a user logs in, you will provide a token.
Save that token in an array in the browser's localStorage and use it for subsequent requests.
If another user logs in, push new token to that array and keep a way to separate both of them.
You can store a slightly more complex object in localStorage, as follows:

    localStore = {
      users: {
        active: {
          id: 1,
          name: 'xxxxxx xxxxx' || {},
          token: 'xxxxxxxxxxxxxxxx.....xxxx'
        },
        others: [
          {
            id: 2,
            name: 'xxxxxx xxxxx' || {},
            token: 'xxxxxxxxxxxxxxxx.....xxxx'
          },
          {
            id: 3,
            name: 'xxxxxx xxxxx' || {},
            token: 'xxxxxxxxxxxxxxxx.....xxxx'
          },
        ],
      }
    }

But the above method will only allow one user to actively use the app.
To keep everything separate for the app in the same browser, use sessionStorage to store the user, like this:

    sessionStore = {
      user: {
        id: 1,
        name: 'xxxxxx xxxxx' || {},
        token: 'xxxxxxxxxxxxxxxx.....xxxx',
      }
    }

You can follow stackoverflow.com/a/32766809/759045 if you need to communicate between two tabs as well.
And to see how Storages in Browser work, you can take a look at time2hack.com/2014/12/browser-storage-and-angular…
P.S. I wrote this article explaining storages and the use of it with AngularJS. I think half of the article will be helpful if you are not looking for AngularJS.
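
Added example, not part of the original answer: a small helper around the active/others layout shown above, covering login, account switching, logout (which removes the stored token) and a client-side check of the JWT `exp` claim. The key name `KEY` and all function names are assumptions; `storage` is any object with `getItem`/`setItem`, so either `localStorage` or `sessionStorage` can be passed in.

```javascript
const KEY = 'users'; // hypothetical storage key (assumption, not from the answer)

function load(storage) {
  try {
    const s = JSON.parse(storage.getItem(KEY));
    if (s && Array.isArray(s.others)) return s;
  } catch (_) { /* corrupted value: start from an empty state */ }
  return { active: null, others: [] };
}
const save = (storage, s) => storage.setItem(KEY, JSON.stringify(s));

// Client-side expiry check on the JWT "exp" claim. No signature check here:
// the server still verifies every token. Tokens without "exp" count as valid.
function isExpired(token, nowSec) {
  try {
    const b64 = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
    const { exp } = JSON.parse(atob(b64));
    return typeof exp === 'number' && exp <= nowSec;
  } catch (_) { return true; } // malformed token: treat as unusable
}

// Store a freshly issued token (replacing any old entry for that id), activate it.
function login(storage, user) {
  const s = load(storage);
  const rest = [s.active, ...s.others].filter(u => u && u.id !== user.id);
  save(storage, { active: user, others: rest });
}

// Make `id` the active user; the previous active user moves to `others`.
function switchTo(storage, id) {
  const s = load(storage);
  const all = [s.active, ...s.others].filter(Boolean);
  const next = all.find(u => u.id === id);
  if (!next) return false;
  save(storage, { active: next, others: all.filter(u => u.id !== id) });
  return true;
}

// Drop one user's entry so the token does not linger in storage after logout.
function logout(storage, id) {
  const s = load(storage);
  const rest = [s.active, ...s.others].filter(u => u && u.id !== id);
  const active = s.active && s.active.id !== id ? s.active : null;
  save(storage, { active, others: rest.filter(u => u !== active) });
}

// Authorization header for the active user, or null if none or expired.
function authHeader(storage, nowSec = Math.floor(Date.now() / 1000)) {
  const { active } = load(storage);
  if (!active) return null;
  if (isExpired(active.token, nowSec)) { logout(storage, active.id); return null; }
  return `Bearer ${active.token}`;
}
```

Anything kept in localStorage or sessionStorage is readable by every script running on the origin, so each stored token is exposed to any XSS on the page; short token lifetimes and removal on logout limit how long a stolen value is useful.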