If They Cleared their Cookies, they would be able to log in again.Try using the date and time feature. Store the date + time in the Cookie and do something like
if{$currenttime >= $_SESSION['time'] + {ban time}) {
}
Not sure if that is right way of doing it.