Might it be possible to add code to the application to store a logged in user's current IP address in a profile document when they log in. Then, each time they hit the server check that the IP address is identical.
If the IP address changes then log them out somehow. (The only way I can think of to log them out is to redirect them to the logout URL.) You could also log the hack attempt with the IP address and perhaps use it to ban that IP address somehow.
Might it be possible to add code to the application to store a logged in user's current IP address in a profile document when they log in. Then, each time they hit the server check that the IP address is identical.
If the IP address changes then log them out somehow. (The only way I can think of to log them out is to redirect them to the logout URL.) You could also log the hack attempt with the IP address and perhaps use it to ban that IP address somehow.