You can create table to see which users are currently logged-in or have additional field in User table called logged-in (type : yes/no)
When some user log in check whether is that already logged in or not (and ofcourse, user name and password is correct or not)
If already logged in then you can deny log in
When user log out change the logged-in status in database to false
but beware, there no full-proof cure for user leaving website with out signing... You can write some code in Global.Asa on Session_OnEnd event which will change the logged-in status in database to false. But that is also not that much reliable...