Hi,
the problem with the Mobile app is that it doesn't work using sessions, every request is authenticated without cookies or an active server session because each request is unique.
I don't see an easy way to implement it, if you want only one active session I think you will need to disable totally the mobile app.