When the user logs in one the desktop record, the sessionid, the username or id, and the current time in a row in a table in the database. Anytime the user requests another page or performs some action on your website, update that record with the current time (it's basically like an activity timer).
If a user hasn't been active for XX minutes (e.g. an hour), then you can assume that user has moved away from your site without clicking the logout button.
Therefore, when the same user tries to log in on the laptop, before doing any authentication operations, delete all rows in the table where the session, user, and time are stored, where the time is XX minutes older than now(), then perform the authorization.
That's how it's done.
EDIT: Though I'd mention, if it wasn't immediately obvious, that this method is also useful as an activity timer (I'm sure you've seen websites that log users out after XX minutes of inactivity). Every time a page is requested, just check when the last activity of the current session was in the database, and if you deem it to be too long, then log the user out.