This approach would probably not work. When using basic authentication, the browser caches the password and resends it every time the browser visits a new page.

If you change the .htpasswd file then it could easily lock out a singleton user as well.

Even if Apache Server caches its own copy of the password, my understanding is that a server can dump its cache.

It is easier to ride the horse in the direction it is going, as Ken Kesey used to say. Basic authentication doesn't test for duplicate logins and convoluted hacks to get it to do so are not a fruitful path to pursue.

Update: Another issue is that if Apache does cache the password then changing the .htpasswd file won't accomplish anything. Duplicate users will still be able to get in because Apache won't know that the .htpasswd file has been temporarily changed.