you can use a session variabled called (for example) session("blnLoggedIn")...
When the user visits the site, check the session variable if it is true, they are already logged in. If it is false, they are not logged in and you can set it to true.
That will resolve it if they are on the same machine and browser.
If you want to expand it, and go to muliple machines, set a flag + timestamp in a db when they log in and check that everytime. The problem with this method is that the Session_onend event doesn't always work so you'll need to rely on them to actually click a log off button and you can reset the flag.
To get around this (the best I know how)...
Everytime they click a link, re-set the timestamp. Create a background job that re-sets all log in flags to 0 (not logged in) for any timestamps that are more than 20 minutes old (or whatever length you want your session to be active).
So the process will be:
1. User attemps login
2. Script checks to see if that user is already logged in by checking the flag
3. If it flag is set to 1, the user cannot log in again.
4. If the flag is set to 0, the user can log in.
5. If the flag is set to 1, but the other login has just closed their browser, the login should work after a maximum of 20 minutes.
In order to correct it for the current user, use a combination of cookies/db entries and always check to see if the cookie exists.
That may not be the best explanation, hopefully you'll be able to make some sense out of it...perhaps another member of this forum can come up with a different method or explain what I am trying to do in easier to understand terms.
Good luck.
TIP: trying googling the answer before posting, you'll find that more times than not someone else somewhere has had the same request and posted an answer online.
----
I have recently been semi-converted to ensuring all my code (well most of it) works in both javascript and non-javascript enabled browsers