Need advice for best way to switch user


Need some help to figure this out. First a little background. I have a customer who want’s to use smart cards for basicly any operation that can be performed in the application.

So far I successfully read the smart card using a reader with PCSC interface. The first time a user scan’s his/her the card is verified by the gateway using a sendRequest command. If none or another user is logged in when the card is scanned a popup is shown where the PIN can be entered and the PIN is then verified by the card. So far so good.

Now, only having the card id (for now atleast, haven’t really decided how to link cards and users in ignition yet), how is the best way to switch user when e.g. user A is logged in and user B scans his card and enters correct PIN? I don’t really have the users password (or username for that matter without looking it up) and storing it on the card seems just wrong.