The only way you can do that, is by storing the user login in information in a table. So when the user tries to log in again, you can verify weather he is logged in some where else by quering the table. Once the user logs out, delete rows from the table.
Remember you would not be able to do anything with the help of cookies. Cookies will just contain form authentication ticket, which would be used by authentication module to verify whether the coming request is authenticated or not. And since the calls are stateless you can not decided anything just by looking at the cookie