I am not sure how valid this solution would be for you, but in my application, basically, if a user has a browser open (we track that by storing user ids and session ids in the database), we kick him out if he opens another browser. I guess that's how my application uses session variables without any thought of thread safety for them. Anyway, I am not sure if this would be a viable solution in your case, but that is definitely one of the options.
[ February 16, 2005: Message edited by: Ritu varada ]