[eluser]gyo[/eluser]
Alright, if you don't want the logged-in user to be ejected, just do this:
Every time a user logs in, you check if there's another record with the same user_id.
If a record is there, and it's not expired, it means that another user is currently logged in, and the request is denied.
The story gets complicated because you want that if the logged in user closes the browser, the user account becomes available again.
You don't know when the user closed the browser, thus you can't free the account in that case.
So basically the new user should wait for the old to expire, before he can access the system.
Actually there are ways to "detect" the browser close, like JavaScript or the PHP connection_aborted(), but they will never give accurate results to rely on.