I don't have much time to elaborate at the moment, but I like the approach of using Shiro's native session mechanisms - I store the Sessions in a data store I control that has query capabilities (write a Shiro SessionDAO to talk to the data store). When a user logs in, I associate their session to their user account (the session records have a 'userId' field). This way, I can query the session data store for all sessions associated with a particular user including the one they're currently using...
HTH, -- Les Hazlewood CTO, Katasoft | http://www.katasoft.com | 888.391.5282 twitter: http://twitter.com/lhazlewood katasoft blog: http://www.katasoft.com/blogs/lhazlewood personal blog: http://leshazlewood.com
