Your case B is almost surely a really bad idea:
They login and their individual state persists each time they login because of a *local* storage system.
You have just put your entire system--your entire database--at risk because you have NO CONTROL AT ALL over the security of a user's local storage system.
Unless your understanding of "local storage system" and mine are widely different, I would never allow this option.
Oh...and for an INTRANET scenario, if you trust your network security, you really wouldn't even need users to login: You could just inspect their IP address and connect them accordingly. Or use some other kind of integrated authentication, depending on the kind of network and the operating system(s) in use.