Good practice would be let the user login from second device and logged out him from first device it would be better from user experience as well as will be easy to handle e.g

I logged in from DeviceId A (update DeviceId in db against the user) then I try to logged in from DeviceId B (again update DeviceId overriding previous DeviceId in db against the user)

Now If I make a request from DeviceId A, match the DeviceID in DB, it will return false. Send user back to login page.