The solution to this problem depends on a number of factors.
If you are using custom login, you can track the logged user and the session in the database.
If the user is already logged in, send a response to all existing users that someone else has logged in with the same user and then destroy the old session.
Try
http://www.sprklab.com/notes/5-how-to-allow-only-one-user-per-account-in-aspnet[
^] if the application is hosted on one server only.