sitaram, Preventing multiple logins with the same user/id was discussed in great detail a month or two back on this or the JSP forum. If you're really interested in the topic, it's worth spending some time with the search feature on this site to look that tread up.
how to find session all session id id's at a particular time how to delete a session by knowing the session id.
As I recall, the early version of the servlet API let you do this sort of thing but the methods were considered a security risk and were removed. The simplest thing to do is to make a plain old java object (POJO) that holds a user's information and manage those separately from the HttpSession mechanism. For example, in a collection keyed by user name. Bill