Best approach is a plugin that checks the session database for an existing session. If an active session already exists, delete it, and continue with login. This would logout the previous user. This is the least intrusive to the user themselves (so they don't get stuck waiting for a session to expire) and avoids issues with closing browser without logging out first (which would cause them to wait for session to expire).
This approach is actually extremely simple and could be done with a simple Query action with CB Auto Actions with the after login trigger. It'd take no programming beyond writing the query, which would be as follows.
Code:
DELETE FROM `#__session` WHERE `id` != ( SELECT `id` FROM `#__session` WHERE `userid` = '[user_id]' AND `client` = 0 ORDER BY `time` DESC LIMIT 1 ) AND `userid` = '[user_id]' AND `client` = 0
To explain the query it basically queries the database to delete all sessions except for the newest. This ensures only 1 session can exist at a time. If there is no session Joomla will log them out on next page load so this gives you the 1 login at a time only. It is also note prone to silly username or IP address checking issues.
If you want to allow multiple logins you'd just modify the query as follows to ignore the 3 latest.
Code:
DELETE FROM `#__session` WHERE `id` NOT IN ( SELECT `id` FROM `#__session` WHERE `userid` = '[user_id]' AND `client` = 0 ORDER BY `time` DESC LIMIT 3 ) AND `userid` = '[user_id]' AND `client` = 0
krileon
