in reply to how do I force a specific session, not my own, to end?
delete the session
The real problem here, is you're confusing a session with authorization
autentication -- user proves he is a user -- could be he's got a valid session
authorization -- permissions -- if account is disabled, doesn't matter if user has a valid session (authenticated, logged it), he can no longer change password, make posts ...
If your code base doesn't distinguish from authentication and authorization, you've got a problem