Hi Wouter, browsers has the behavior to share sessions information through different tabs. Basically the user has logged in just once and get the session. The session info is stored at the dynamic browser cache and when a new tab is opened that cache is used and therefor a user can perform multiple tasks.
To check if the user can login multiple times is to open the browser normally and in incognito mode. The incognito mode isn't able to use the cache of the normal browser.