It is common feature that a user can use his/her credentials to login in multiple browser and multiple devices simultaneously. But in many cases business owners wants to restrict them. I have implemented the same in one of my site which is running on .NET framework 1.1
First create a field in database to store the session ID with user ID which indicates that this user is currently using this session ID to access the system. Now go to method “Application_PreRequestHandlerExecute” in “Global.asax.cs” file and first check the user session. If user session is exists then get the store session ID of user from database and then compare it with current session ID of user (using Session.SessionID). If it not matches then remove the user session and create new one to store in the database.
After implementation of this, when a user will login on one browser or machine and try to login on another browser or machine then system will logout the user from first/older browser/machine and login on current browser/machine.