Prevent multiple login using the same user name and password

Question

I am developing an application that needs to prevent multiple login using the same user name and password.

If it happens on the same machine then obviously we need t

Answer 1

I'd track each user's last known IP address and a timestamp for when they were last on that IP. Then you can just block access from other IPs for 5 minutes, an hour, or whatever you like.

Whenever the IP address switches, you can a) expire the user's old session, so they're forced to log back in and b) increment a per-user counter (which you can zero out every hour). If the counter goes above 5 (or something), you can block all access to the user's account for a longer period of time.