I would use user context information, store it in the users table during login, and periodically check (when using many/any server call) to make sure that context matches. If it does not, automatically log out the user.
When a user logs in successfully it should overwrite any previous context info, kicking off the ‘old’ user. I doubt this would stop multiple people from the same office using the same browser from using the same login though.
Many other solutions can leave users ‘logged in’ to sessions they already closed out of, making it impossible for them to get back in.