I haven't yet tried to search in field user-data of table ci_session.
If it does not work, you could create a new field in the session table with username (or email if this is your identity field).
Then write a method:
When a user logs in, it destroys all other sessions with this identity.