Is there a way to impersonate a user?

Example:

1. User with role "manager" logins
2. The manager select ordinary user from a combo.
3. Now the selected user data is used in User::create() and the Dashboards are reloaded to reflect this user permissions.
4. On ordinary user logout, the same proccess will occur to go back to manager Dashboards.

I guess the questions are:

1. A new User::create() can replace a previous created user?
2. If yes, how to refresh all dashboard, including App menu, to reflect this new user permissions?
3. If not, the best second option would be to open a new windows with selected user credentials as params to autologin. So, in this case, can Dashboard be configured to be able to hold login in multiple accounts in the same browser without logout the other user? Maybe with a different subdomain?

I just tested concorrent logins in another subdomain and it works.

Just to let people know...

To get concorrent login, the general idea was that I have passed the $username to the window.open URL so I can $_GET['username'] after in the index and pass it into the login proccess. For the password, I did a OTP like session cookie that I can use when I find a username in the URL.