In my application I implemented this solution to prevent multiple logins from the same user:
In the application scope I store: a- the user name (key) and sessionID(value). b- sessionID(key) and an object(value) which is of the following class:
And I have a session listener which removes the values stored in the application scope in the sessionDestroyed method.
So when the user logs in I check if this user name exists in the application scope and if so I get the session id associated with it and finally I retrieve the object associated with sessionID which holds the reference to the real session object and I call invalidate() on it.
After that I insert the (username, sessionID) and (sessionID, Reference) to the application scope.
The problem is that I believe that there are better solutions than this so any ideas are so much appreciated.