Multiple logged in users in a single browser session?

Is there a way to easily switch users in the browser? I still need frequent admin access to finish configuration, hence I have to log out and back in with my normal user or use another browser for it.

Apologies if this is the wrong section, I didn’t find it suitable to post this in General. I haven’t found answers googling or on the forum.

Sure my Firefox 151.0 (64-Bit) on my Debian 13 Notebook allows that.

  • Login User A in normal FF Mode
  • Login User B in private FF Mode

That is unfortunately an unsuitable answer as obviously private mode will delete cookies, forcing a new login. Many websites offer profiles inside the same browser session, I guess Nextcloud just doesn’t (unlike its Desktop app which does)?

It works for the purpose you were asking for. Private mode will delete cookies after closing FF. So for the duration of the FF session they will be kept. Also you may set up exceptions for what will be deleted in FF settings.

Oh, and I am using 95% private FF mode, also right now to write this, and as you can see this forum is also usable in FF private mode.

Hi @Yosyp

The comparison with the desktop client is understandable, but the two work fundamentally differently under the hood.

The desktop client does not use session cookies at all. It authenticates with app tokens — essentially a form of Basic Auth. Each configured account gets its own independent token, and multiple tokens can coexist without conflict because every request carries its own credentials. There is no shared session state.

A browser is different. A session cookie grants access to an entire session — once you are logged in, every tab you open in that browser profile authenticates automatically via that one cookie. That is exactly what makes it convenient, and exactly what makes having two cookies simultaneously a huge security problem: a stolen cookie would give an attacker full session access. This is not a limitation Nextcloud could easily lift — it is how browser-based authentication works across the web.

A session cookie is identified by a fixed name scoped to the domain — there can only be one value under that name at a time. A second login simply overwrites it.


Multiple active sessions in the same browser profile are therefore intentionally not supported — and in virtually every other web service either. If multiple cookies could be valid at the same time, a stolen session cookie gives an attacker full access as that user — the server has no way to tell their requests apart from yours.


The cleanest solution for the use case you describe is browser profiles. Firefox, Chrome, and Edge all support them: each profile has its own cookie storage, so you can have two browser windows open with different accounts simultaneously. This is the approach I would generally recommend.


Personally, I use the Impersonate app for this, because I don’t want to maintain an additional browser profile — browser profiles also quickly start consuming a significant amount of memory.

The workflow: log in as admin, open the user list, and click Impersonate for the desired account. The browser switches into that user’s session. To switch back: simply log out of the impersonated account — and you are automatically back in your admin session, no re-login required.

One limitation: the Impersonate app only works in one direction. You start as admin and switch to a user, not the other way around.


h.t.h.


ernolf
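The overwrite behaviour described in the post above, as an added example that is not part of the original post and is not Nextcloud or browser code: a simplified cookie jar keyed by (host, path, name), compared with separate jars per profile and with per-request token credentials. The host `cloud.example.test`, the cookie name `session_id`, and all session and token values are constructed placeholders.

```javascript
// Added illustration (not Nextcloud or browser source). Host, cookie name,
// user names and token values are constructed placeholders.
const HOST = 'cloud.example.test';

// One jar per browser profile / container / private window.
class CookieJar {
  constructor() { this.store = new Map(); }

  // Apply a Set-Cookie header: the key is (host, path, name), so a second
  // cookie with the same key replaces the first instead of sitting beside it.
  setFromHeader(host, header) {
    const [pair, ...attrs] = header.split(';').map((s) => s.trim());
    const eq = pair.indexOf('=');
    const name = pair.slice(0, eq);
    const value = pair.slice(eq + 1);
    const pathAttr = attrs.find((a) => a.toLowerCase().startsWith('path='));
    const path = pathAttr ? pathAttr.slice(5) : '/';
    this.store.set(`${host}|${path}|${name}`, { host, path, name, value });
  }

  // Cookie header attached to a request (simplified prefix path match).
  headerFor(host, reqPath) {
    return [...this.store.values()]
      .filter((c) => c.host === host && reqPath.startsWith(c.path))
      .map((c) => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// Two logins in ONE profile: only the later session survives.
function sameProfile() {
  const jar = new CookieJar();
  jar.setFromHeader(HOST, 'session_id=admin-sess-1; Path=/; Secure; HttpOnly');
  jar.setFromHeader(HOST, 'session_id=alice-sess-2; Path=/; Secure; HttpOnly');
  return jar.headerFor(HOST, '/apps/files');
}

// Two profiles (or containers): independent jars, both sessions stay valid.
function separateProfiles() {
  const admin = new CookieJar();
  const user = new CookieJar();
  admin.setFromHeader(HOST, 'session_id=admin-sess-1; Path=/; Secure; HttpOnly');
  user.setFromHeader(HOST, 'session_id=alice-sess-2; Path=/; Secure; HttpOnly');
  return [admin.headerFor(HOST, '/settings'), user.headerFor(HOST, '/apps/files')];
}

// Token-style client: credentials travel per request, no shared jar.
function tokenAuthHeader(user, appToken) {
  return 'Basic ' + Buffer.from(`${user}:${appToken}`).toString('base64');
}
```
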

Dear @ernolf, I would like to understand more about this. What you wrote about the use of session cookies is clear. But to my understanding and testing, any private mode window of FF can’t access the session cookies of the standard mode FF window.

If I am logged in to my NC with standard mode FF and then open the private mode FF, the session cookies are not present in FF private mode and I need to log in again to the NC server. So it creates a similar effect to two browser profiles or whatever the Impersonate app will do.

Out of interest, could you give a few examples of such websites?

With the latest Firefox 151, you can now set up multiple profiles directly through the UI: Manage Firefox profiles | Firefox Help

This allows you to create separate profiles for admin tasks and personal accounts and easily switch between them as needed.

Whether it’s a good idea to stay permanently logged in everywhere (especially in admin accounts) is another question, though. From a security perspective, I’m not sure I’d recommend that, but in the end, that’s something you’ll have to decide for yourself.

Dear @bb77, I do not think @Yosyp will need this to stay permanently logged in since he wrote:

My personal interpretation is that the double login is only required during installation so that he can immediately check what impact this has on users’ regular accounts, without the need to log out and log in permanently between the user and admin accounts.

Then why is it an issue that the cookies get deleted in private mode?

And even if they don’t want to use private mode, they could always have used multiple browsers if they wanted to keep multiple sessions open at the same time. Or they could have used Chrome/Chromium, which has supported multiple profiles for quite a while already. Firefox, by the way, has also supported profiles for a long time, they just weren’t particularly easy to manage.

Nevertheless, with the new profile feature in Firefox, all of that should no longer really be an issue. :wink:

But then you only reduce the required number of sessions from three to two — still one too many for a single browser profile. Unless, of course, you also use the admin account as your regular, day-to-day user account. :wink:

I can easily switch between my different email addresses on Outlook, the same way Google does. There’s other websites that don’t come to mind.

Correct!

I don’t see why you’re all pushing this much for private mode: I could just use a different browser altogether (which, as a workaround, I currently do) without the hassle of logging in every time, which is not ideal.

The problem with a new browser is that it’s an entirely new window that I have to manage, compared to a single pinned or grouped tab.

I explained why: I think you should log in each time anyway, because from a security perspective, keeping a permanent session for your admin account stored in the browser isn’t exactly a great idea. And since you only need it when setting up new users or doing occasional administrative tasks, it shouldn’t really be a major inconvenience.

Also, as I mentioned, Firefox now supports multiple profiles directly through the UI. So you could simply create a separate profile for admin work while remaining logged into your normal account in your default profile.

However, even with these separate profiles, I’d still recommend logging out of the admin account once you’ve finished your administrative tasks. But in the end, that’s of course your decision.

This is where you are wrong: I don’t need it occasionally, I am still in the middle of configuring everything, hence I need a permanent session I can finally log out a single time from, at the end of my tasks.
Besides, I appreciate the effort to highlight vulnerabilities, but it doesn’t answer my question.

I would also like to remind you that Nextcloud offers IP-based restrictive access to administrative rights, which I already implemented, so even if my cookies were to be stolen, they will have another Swiss cheese slice to go through.

Multiple profiles would not entirely fix the issue, as they are still a new window. I’m not looking for fixes anymore, just answers. And the answer is: I can’t. I will have to use either different profiles (I use Brave), or a different browser altogether. Won’t be a huge hassle.

The answer is simple: what you want is not possible with Nextcloud.

What you can do, however, is reduce the number of sessions from three (your normal account, the admin account, and the account of the user you are setting up) to two (your normal account and the admin account) by using the Impersonate app, as @ernolf already suggested. It allows you to impersonate other users on the Nextcloud server from the admin account without having to log in as them directly.

To keep the admin and your normal user account open simultaneously, you still need to use either multiple browser profiles, private/incognito mode, or separate browsers, though.

Oh, and I “pushed” for private/incognito mode because I think being logged out after closing the window is actually a useful feature in this context. Also, I don’t see a problem with logging into the admin account once or twice a day, but maybe that’s just me. :wink:

EDIT:
I just noticed that you also came to the conclusion in your last section that it’s not possible. So I guess there’s nothing more to add here — except that if you really want this feature, you could consider opening a feature request on GitHub. I assume, however, that this is not something that can be implemented overnight. :wink:

By the way, even with Google the feature has certain, let’s say, limitations. See the section “Sometimes settings might carry over” here: Google Support article

I have multiple browsers on my system as an easy way to be logged in with multiple accounts. I have Duck Duck Go specifically for when I may need to clear a cache, Firefox, Edge, and Chrome. By using separate browsers, the cookies stay and are not in conflict with another session in another browser.

Hope this helps.

Interesting, thanks. Having neither Outlook nor Google accounts of any kind, I was not aware of this.

I can see why some people might find it convenient, but honestly, seems a bit risky to me, at least on computers that might get shared between different people and browsers that are not locked into private mode (a completely different world than the one I live in, mind).

In that case, I believe all the options have already been listed. What I can think of:

  • Nextcloud’s “impersonate” option. That requires that you log in as administrator and then impersonate your regular user(s).
  • I believe that Firefox (and probably Chrome) have a “containers” feature that allows you to run separate sets of tabs in isolation, each with their own cookies, local storage, etc. That should allow you to open two different sessions in two different tab groups. It does not work with permanent private browsing mode on though, so I do not speak from experience.

I use Firefox containers frequently for this exact problem and it works exceptionally well. You can use manually created containers, or use the Temporary containers FF extension.

Chromium based browsers don’t have the type of containerization that Firefox does as far as I know.

Containers work great for me on Librewolf for this. :slight_smile: