That is true indeed. Sessions are stored using cookies, and cookies are shared among every tab in the same browser as long as the url is the same (if you wonder why: it would be even more annoying if you had to log in again if you opened a new tab of the same app in the same browser!).
So if you want to test two users at the same url you need to different browsers. Note that this holds for almost any web application.
While I am not entirely sure about the technical details behind it (I suspect others can provide you more details on that), your observation is essentially correct. Basically you can have one session per browser, and if you start a new session in the same browser it will replace the old one. It's not something which is specific to the License Pool Manager, but something which applies in general to Mendix applications.
It indeed meant I ended up having to run Opera, Chrome, Internet Explorer and Firefox at once to test the login functionality when developing the LPM.
Assuming I understood your issue correctly anyways; however since the LPM does not change the way sessions work in Mendix applications but just provides extra checks if the user is authorized to login based on the limitations implemented by the Server/Pool administrator, I assume it's the above issue you are coping with.
Thanks for the answers. I've mentioned LPM as it has been a bit problematic, so I just wondered if it was another sympton I hadn't seen yet. The browser beahviour mentioned bt Sjoerd is spot on what I am verifying here. I understand what Michel is saying about sharing the cookies and not having to login again, but from a security point of view I would expect that if I open a new tab on a secured area I would be asked to enter some security details. I'll try a multi browser test. Thanks for replies. LR.