You have to control the session on the server side. On the server side you have access to the session id assigned to each new session.
So, when the user logs in, you store the assigned session id in the users table. He gets this session id. In each request, you check if the session id is equals to the one stored on the database.
When the users issues another login, another session id is assigned by the server, right? You store this new session id on the user's table.
Afterwards, requests from the older session will be denied/redirected, since the session id is no longer valid. The old session id was replaced by the one of the last login.