I presume you have a database, somewhere, to access and test the original login.
If you could add in php then you could store a uid/key pair in a $_SESSION variable. Check the UID/KEY for every page open that you wish to secure - and also modify/update the key after each test. You could then even add a time stamp and expire a login after some appropriate amount of time. The key is just a random string. The uid could be hashed and that stored instead of their ID.
SELECT COUNT(*) from WhoIsLoggedInTable where uid='blahblah' and key='random something' and time-difference-functin(minutes, time-stamp-field, database-datetime-function) > expired-minutes
count > 0 and they're still logged in (update table accordingly).
Note that by not relying on any kind of window function it works on any browser and any O/S. There are a bunch of them out there and actively in use these days