I think you'd have to be able to kill his session.
jbriscoe did you find a way to do this?
logoff another user? I'm trying to stop the same user loggin in twice.
Would be good to know what you found out.
No, I have not been able to figure out if this is possible through JBoss alone. I have put this issue to the side.
No, you have no access to flush the default authentication cache or tomcat session manager.