I would like to not allow two users with the same usename to be in a web application at the same time. Therefore what I was thinking was to keep a HashMap of username and session id in the application scope and on login check against this map.

What I was wondering is if there was a way to programatically pull a session id out of this HashMap and have the server automatically invalidate the session (instead of waiting for the user who is having their session invalidated submit a request and have to check for some global variable each time).

Basically I want to have the ability to kill other user's sessions. Is this possible?