Prevent same user login from multiple times at the same time

There are multiple ways that you can do.

First you can store flag for logged in users in database and update flag on log out
Second you can maintain logged in users in Application object and update it on log out

Now the question comes what if user doesn't log out properly or the session time out occurs?

There is alternate way you can choose. Write a code to update the user presence in database after some time interval. This service will keep telling database that user is still logged in. Now even if user doesn't close browser properly, after fixed time interval this service will come to know that user is no longer connected to database and will force fully log out the user.

This method will increase your database traffic for sure. But may help you in preventing multiple login! This is just an idea I have shared with you.