Access allowed when it should be denied

Strange. APM uses session based cookies. When successfully authenticated it is limited to the scope of a specific browser session. What happens if you open different browser types (IE, Firefox, Chrome) and login to APM? The expected behavior would be that you have to login once for each browser.