Store the IP of the user, you can directly compare that.
You could use the IP in the token generation.
If you take that one step further, you can include the user browser agent ID in the token generation too.
You can use an auto timeout on the server.
Each time you request the user data and successfully authenticates, update a time stamp int he user table.
If you use tasks or cron jobs, you can have a script run at an interval to check timeouts in the user table based on the time stamp.
Use https connections for the ajax.
You could have a new token generated every request, or every X request, and have the client update theirs after having authenticated and a new one is generated.
Have the server generate the token each request instead of storing it in the db.
I found that using MD5()'ed (php) strings really usefull.
Just make a list of strings including all required information, then MD5 the whole string into an unique value/token.