[eluser]bretticus[/eluser]
Just off the top of my head, you could use database sessions and scan for the same username or user account id. If you find duplicates, remove the session record that is older. Never tested but there's a point to jump off at.