Is there any way via the security API to get a list of sessions?
Like in ACEGI have a look at this example
Or would it be better just using ACEGI?
Theres some nice features such as only allowing 1 user session.
We currently have nothing that would restrict users to having only 1 session. If you really need this you can raise a feature request in JIRA.