As far as I remember the users in multisite are shared. They are tracked in one database table and use same cookie for authentication.
The more practical approach is to track not merely login status, but capabilities. Users should be exposed to actions/information that they can perform/see, according to their Role on specific site.
You don’t cover your use case in sufficient detail to advise on how that might apply to it.