Hi Sam,
One of the way out to your problem is:
You have to write a seprate helper class where in one
thread will be running all the time(Call this class from login
servlet init method). This thread will map session object with user id and put in a hash table. During every login you call a method which will check in the hash table for the user id and if found take the session object and invalidate it. In this way you can restirct user from logging from two machine.Also take care when user log's out or on session time out session object in the hash table is removed (this you can achive by writting a seprate helper class).
-arun