You could check the error log for issues:
/usr/local/cpanel/logs/error_log
or check the access_log to see if their connection uses multiple IP addresses at the same time.
If so, you can adjust:
WHM -> Server Configuration -> Tweak Settings -> Security -> Cookie IP Validation
A setting of loose rather than strict could fix it.
Validate the IP addresses used in all cookie-based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled. Strict validation requires the current IP address and the cookie IP address to exactly match. Loose validation only requires they are in the same /24.
Anyway, this particular issue happened with one of my clients recently and this did the trick.
Worth a shot in case it's the same issue.
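An added example (not part of the original post, and not cPanel code): a Python sketch of the access_log check described above, grouping requests by user and reporting whether the client IPs seen would pass strict validation (exact match), only loose validation (same /24), or neither. The log line layout, the sample lines, the function names, and the exact-match handling of IPv6 are assumptions, and the sketch ignores timestamps, so it flags any user seen from more than one address in the log.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines. Assumed layout: client IP, "-", user, [timestamp], request.
SAMPLE_LOG = """\
198.51.100.10 - alice [03/01/2024:10:00:01 -0000] "GET /cpsess0000000001/frontend/index.html HTTP/1.1" 200
198.51.100.77 - alice [03/01/2024:10:00:05 -0000] "GET /cpsess0000000001/frontend/mail.html HTTP/1.1" 200
203.0.113.5 - bob [03/01/2024:10:01:00 -0000] "GET /cpsess0000000002/frontend/index.html HTTP/1.1" 200
192.0.2.9 - bob [03/01/2024:10:01:03 -0000] "GET /cpsess0000000002/frontend/index.html HTTP/1.1" 401
203.0.113.20 - carol [03/01/2024:10:02:00 -0000] "GET /cpsess0000000003/frontend/index.html HTTP/1.1" 200
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[')


def ips_by_user(log_text):
    """Map each authenticated user to the set of client IPs seen for them."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("user") == "-":
            continue  # unparsable line or unauthenticated request
        try:
            seen[m.group("user")].add(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # first field was not an IP address
    return seen


def classify(ips):
    """Return which Cookie IP Validation mode this set of IPs would satisfy."""
    if len(ips) <= 1:
        return "strict-ok"
    # Loose mode: all addresses must share one /24.
    # Assumption: IPv6 addresses are compared exactly, since the setting text only mentions /24.
    keys = {ipaddress.ip_network(f"{ip}/24", strict=False) if ip.version == 4 else ip
            for ip in ips}
    return "loose-only" if len(keys) == 1 else "fails-both"


def report(log_text):
    return {user: classify(ips) for user, ips in ips_by_user(log_text).items()}


if __name__ == "__main__":
    for user, verdict in sorted(report(SAMPLE_LOG).items()):
        print(f"{user}: {verdict}")
```

A "fails-both" result means switching to loose will not help that user, because their addresses span more than one /24.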