With my site that that I’m working on I store the sessions in a database table, one of the fields in that table is for the ID number of a user (set for 0 when a sessions is a user that isn’t logged in). When someone logs in I update the user ID field for that session with the user ID for that user (will set it to also regenerate the session ID at that point for the live site). You could use a similar set-up but have an extra query delete all sessions for the user that don’t have that user’s current session ID (on the browser and computer combination that they’ve just logged in on).