Oh I see...
Hmm... my first thought is saving the user's IP address so that once it changes, they will be logged out.
What do you think of that?
You could do that, but you'd probably find that your users would get logged out without notice. This is because ISPs frequently change the IPs used by their customers. (This is what I've been led to believe - please correct me if I'm wrong).
IP logging probably wouldn't be the best way to do it.
My suggestion of storing the session_id in the DB should ensure that a user can only use one browser on one machine for one account.
Remember that different browsers on the same machine will have different session ids.
check user table for username and pw,
if present check logged table for user_id
if present overwrite session_id with the current session_id
add record to logged table (user id and session id)
check user_id and session_id against logged table
they are logged in with the rights of that user
they are not logged in (or no longer logged in - forced logout)
You'd need some cleanup process from time to time or your logged table would become ridiculously large. You could use a cron job every midnight to delete every entry that was a day old.
last_activity (this is updated on every page impression)
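The scheme described in the post above, as an added example that is not part of the original thread: a `logged` table keyed on `user_id`, so a second login overwrites the stored `session_id` and the first browser is forced out on its next request. The function names, the SQLite backend and issuing a fresh random session id at login are assumptions made for the illustration; the username and password check is assumed to have already succeeded.

```python
import secrets
import sqlite3

DAY = 24 * 60 * 60  # the post's cleanup threshold: entries a day old


def open_db():
    """In-memory stand-in for the real database (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE logged ("
        " user_id INTEGER PRIMARY KEY,"    # one row per account = one live session
        " session_id TEXT NOT NULL,"
        " last_activity INTEGER NOT NULL)"
    )
    return conn


def login(conn, user_id, now):
    """Call only after the username/password check against the user table passed."""
    session_id = secrets.token_urlsafe(32)  # fresh id per login (assumption)
    # Adds the row if the user has none, otherwise overwrites the old session_id.
    conn.execute(
        "INSERT OR REPLACE INTO logged (user_id, session_id, last_activity)"
        " VALUES (?, ?, ?)",
        (user_id, session_id, now),
    )
    return session_id


def is_logged_in(conn, user_id, session_id, now):
    """Per-request check; also refreshes last_activity on a match."""
    cur = conn.execute(
        "UPDATE logged SET last_activity = ?"
        " WHERE user_id = ? AND session_id = ?",
        (now, user_id, session_id),
    )
    return cur.rowcount == 1  # no matching row: never logged in, or forced logout


def cleanup(conn, now):
    """What the nightly cron job would run: drop entries idle for a day."""
    cur = conn.execute(
        "DELETE FROM logged WHERE last_activity <= ?", (now - DAY,)
    )
    return cur.rowcount
```

Timestamps are passed in as integers so the behaviour can be checked deterministically; in production `now` would come from the server clock.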