I’m wondering is it possible to set a remote session (over lan - don’t need wan access) for a remote user in a way that would not interrupt work being done by the person “physically” sitting next to workstation and using it? And is it doable with Xrdp (as I’ve read several suggestions that when it comes to remote desktop rdp is the way to go)?
In other words - user A sits and works in Xfce for example, while user B connects remotely and does the work in separate Xfce session (without logging out user A and interrupting his/her work).
I may not understand your question correctly. That may be because what I think you ask is so basic for Unix/Linux that I wonder if you mean what I think you ask, or something else.
Unix/Linux is a multi user and multi session operating system. Which means that tens (on large systems maybe even hunderds) of users can be using (loged in) into the system all at the same (or different) time.
On a Linux system there can even be more then one session active on the local keyboard/mouse//monitor of the PC itself.
There is one thing though on a Linux system. The person using the local keyboard/mouse/monitor is has also operator power. Which means that he can switch off the system (power button) or let it hibernate/sleep, regardless if others are loged in local or remote.
If you mean remote from Linux to Linux (not Windows):
Yes, you can, with TigerVNC and x11vnc
Install both (possibly TigerVNC is already installed, and possibly x11vnc is not) on both machines.
The machine you are sitting at is called LOCAL for the sake of these instructions, the Remote machine you are connecting to will be called REMOTE.
I will give instructions that will tell you how to do it within your LAN, adding Security by using an SSH tunnel. If you need to do it from outside the LAN, that requires mapping ports in the routers and using the external IP.
This is the usual method, joining the person (which is not what you want, but you may want to keep this for reference, as well).
If the person is logged in on the REMOTE, then you on the LOCAL machine open a terminal (we will call it Terminal1) and:
ssh -t -L 5900:localhost:5900 usersname@xxx.xxx.xxx.xxx 'x11vnc -localhost -nolookup -nopw -display :0'
where the xxx.xxx… is replaced with the REMOTE machine’s LAN address.
Then, on the LOCAL machine, you open another terminal (Terminal2) and:
vncviewer
The viewer client should pop up on your screen. In the address space, type:
localhost:0
then click the Connect button (or just hit Enter).
You are both now in the same Desktop together. Use F8 to get viewer options, including disconnet.
Now, for the case you are asking, instead of the above, you will:
On the LOCAL machine, open Terminal1 and connect to the other machine with SSH:
ssh usersname@xxx.xxx.xxx.xxx
again xxx.xxx… is replaced with the REMOTE machine’s LAN address.
You will then invoke the VNC Server on that machine:
vncserver
and watch its output, noting the display number it provides. This will actually start a 2nd session on the REMOTE machine and assign it to a Display, so it will NOT be the Desktop session the REMOTE user is in.
The User can happily work away without any interaction from you, and you can be in that User’s login in a 2nd Desktop Session without interference or interaction from the REMOTE User.
To connect to that session, you change the last digit of the ports (5900 in the command) and the -display (:0 in the command) to match the display number that the vncserver command gave you.
So, let us assume the vncserver provided the display number as 2
In Terminal1, you would then issue the same command as you did in the first example, but with those changes made, which would be:
ssh -t -L 590**2**:localhost:590**2** usersname@xxx.xxx.xxx.xxx 'x11vnc -localhost -nolookup -nopw -display :**2**'
I marked the changes in red, so you can spot them quickly.
Then, in Terminal2, you would issue:
vncviewer
but, in the address line, instead of “localhost:0”, you will enter:
localhost::5902
Note the double colon, this time.
You should now be in the 2nd instance of the User’s desktop on the REMOTE machine.
If you have any problems, let me know.
@Fraser_Bell: I’m picking up my jaw from the floor. Thank you for super detailed answer. I’ll definitely use it as a guideline when I’ll be setting my system - will try rdp first though (in the past when I tried vnc performance , even over wired lan, was not enough for graphic apps - ok for terminal / file manager operation but that’s it - but maybe I just set it up poorly).
@hcvv: I’ve been just worried that there may be some kind of limitation of rdp. Oh, and previously I set up a remote windows workstation so its clear where my worries come from 
Neither RDP protocol not Windows are inherently limited to single session. Windows by default will reconnect to existing user session, but it is possible to change it, so each connection will create new independent session. So it is entirely up to Xrdp implementation how it handles connections. But in general, remote session (which Xrdp translates to some VNC session) cannot really interfere with local X11 server unless you setup some sort of proxy for both.