I think you talking about multi login from different IPs/Devices? Thats what i think about right now. You cannot count "Browser Tabs" or something like that ...
So, if this is your case your solution is such easy. Bind any user login on an active record in a an database or an other persistence.
DB-Model:
userSession (
'id', // primary key
'userId', //foreign key
'sid', //unique session id
'ip', //unique user id or uniqure device (I preffer IP!)
'login', //datetime
'lastClick' //datetime
);
An active session is open if a active record in db for that user exists. You need to check for the given db user record on any user action (HTTP-Request I think). You are able to count active user session for one user now. You are also able to kick user now by delete the depending userSession record.