SAP sessions can become part of a development solution, though this is not a common thing. Session control is a subject that should be controlled by the overall system and not from your specific development. Having said that - there are means to control sessions from an Abap development.
A few modules that will call the system's ThUsrInfo to perform these kernel tasks:
Open a new session starting a transaction code:
CALL FUNCTION 'TH_CREATE_MODE'
EXPORTING
TRANSAKTION = 'SO10' "<= your transaction
EXCEPTIONS
MAX_SESSIONS = 1
OTHERS = 4.
The TH_ is the naming convention for Task Handler and supports quite a suite of function modules calling the ThUsrInfo C-routine. This routine covers many types of requests.
Close a session (no questions asked)
CALL FUNCTION 'TH_DELETE_MODE'.
This will kill the current session. If it's another session (of your own) you are aiming to kill, you will need to go through SM04. To back me up - check this SDN thread.
Session matters
Transaction SM04 covers a lot of session matters - one of which is presented by the use of BSP applications. When an end user starts a BSP application, a session is added with type "Plug-in HTTP" (instead of GUI or RFC). I had the pleasure to work out an automated way to kill these sessions, which turned out to be quite tricky. Even though SM04 holds the functionality to list sessions and to close them, this logic is not accessible to Abap folk. Screen 2000 of RSM04000_ALV has flow logic modules that are not recognized by the Abap editor. SAP is leaving us Abap folk in the dark - on purpose. You shouldn't be murdering user sessions if you want the system to be stable. There's no Business Logic in that.