really enforcing something is always tricky with JS.
If you want to do it serverside, an approach that has been floated somewhere else is logging the IP-address or other client-specific data. If you check this on the server, you could log the client out when you see a change.
Another approach would be sending a cookie from the server. If you can no longer find it, log the client out.
Mark, though, that the logoutOtherClients works reasonably well. (I'm using it to kick students out of their account to prevent using the same payed account for multiple students.) If you a really doing something that where you are worried about people hacking mimified clientside code... there are probably other, easier attack-vectors?...