How can we keep users logged in only to their site and not to entire network?
If they visit other sites on the network I want to be the same as they visit any other typical website on the internet.
As far as I remember the users in multisite are shared. They are tracked in one database table and use same cookie for authentication.
The more practical approach is to track not merely login status, but capabilities. Users should be exposed to actions/information that they can perform/see, according to their Role on specific site.
You don’t cover your use case in sufficient detail to advise on how that might apply to it.