I have had a very similar requirement in one of my previous projects and its very complex that what many people think.
We were developing a web application using ASP.NET and C# and the requirement was to prevent same user to login from two different browsers in two different computers. Meaning that, if a user with credential 'A' is logged in to the application, then if another user tries to use the same credential 'A' and tries to login, we should let him know that a user using the same credential is already logged in. This will help preventing sharing of credentials among end users.
How this problem was solved is that, when a user logs in, we record that information in a database table (called sessions table) and log the userid, sessionid and the time of login and also the last activity time (the time when last request was received from the user). During any login, we will do a check with this table to see if the user is already logged in or not (also considering that the session is not timedout which can be determined using the lastmodifiedtime) and if the user is not logged in then will be authenticated orelse we will display a message saying that a user with same credential is already logged in. This is just a high level idea but the actual implementation was more difficult and there are numerous scenarios involved that needs to be handled. Most of the logic would go in the login page and in a HTTPModule class.
I also want to let you know that i have handled the scenario when the session timesout but its not possible to handle the browser close activity (by clicking the x button).
By looking at your requirement, it looks to be very similar from implementation perspective on what I had done with my previous project
About me, I have 8 years experience in .NET development and working as a Senior Software Engineer for a software firm in Silicon Valley. I recently decided to do freelancing and this is one of my first bids.