Depending on the situation you can often make this approach a little smarter by storing something such as an IP address with the userid.
If the user tries to log on again from the same IP address before the session has expired, it's probably because they closed the browser.
You should offer the choice of closing their old session and starting a new one.
if the user tries to log on again from a different IP address, then it is probably because the browser is still open on the old machine, and may mean that two people are using the same userid. In this case it's usually best to refuse the login with a message indicating that the user is already logged in elsewhere.
A much better solution, usually, is to build your application so that it doesn't
care if the same user logs on twice. Makes testing much easier too!