This will log a user out of all other sessions before logging in. Essentially ensuring that a user will only be allowed one session at a time.
add_filter('authenticate', 'wpse_12282015_single_login_authenticate', 0, 3);
function wpse_12282015_single_login_authenticate($user, $username, $password) {
$user = get_user_by('login', $username);
if( isset($user->ID) ){
if(isset($user->roles) && is_array($user->roles)) {
//check for admins
if(in_array('administrator', $user->roles)) {
// admin can log in more than once
return $user;
}
}
// get all sessions for user
$sessions = WP_Session_Tokens::get_instance($user->ID);
// destroy everything since we'll be logging in shortly
$sessions->destroy_all();
}
return $user;
}