it should be possible to do this with PDStorage. PDStorage allows you to remember values associated to users for a specific amount of time, e.g. 15 minutes.
When a user authenticates you can write his IP address into PDStorage. When he browses you check his client IP against the IP you remembered in PDStorage. If there is a match the user is permitted to browse, if there is a difference you will block the user.
After a user has not been seen for 15 minutes the PDStorage entry expires and gets removed. If you browse and authenticate again, the new IP will be added to PDStorage.
So this should be generally possible.