I use jboss-4.0.5.GA and EJB 3.0 and I use JAAS with DatabaseLoginModule to authenticate the specify client:
LoginContext lc = new LoginContext("userTest", new MyCallbackHandler(username, passwd)); lc.login();
Every EJB invocation goes over a single thread of execution. So you can incorporate the logout functionality in your client.
If you insist on saving the LC in a database, the chair I am sitting on cannot hold me longer as I am ROTFL.