We have a system where administrators can 'impersonate' end-users. We use the SwitchUserFilter to accomplish this. However while impersonating, we want the administrators to have access to both the end-user views and the administration views. This was easy to accomplish, but it does mean that while impersonating an end-user, the administrator can use the administration views to impersonate another user. This currently results in 'nested' impersonations, e.g. admin1 -> user1 -> user2 -> user3. This works fine, except when the administrator attempts to exit the impersonation. Since the 'switches' are nested, they have to visit the 'exit' URL multiple times before they get back to their default admin-only view.
My suggestion for addressing this is to add an ability to prevent the nested switches. When attempting a switch, the code would check to see if a switch is already in place, and if so, it would exit the existing switch before processing the new switch request.
Alternatively, there could be an ability to perform an 'exit all' instead of just 'exit', which would exit all nested switches in a single operation.