Interesting! I've taken a slightly different approach than yours. I have a main user (UserMain) table that holds among other things, a counter field stating what the maximum allowed concurrent logins are for the user. Then another table (UserLimit) that has records added/removed from it (containing the user's ID) when the concurrent logins field is altered in the UserMain table.

On user login, I just scan the UserLimit Table attempting to gain an RLOCK. If I get one, then I'm allowed in. If not, the user gets the appropriate error message. Since I know that the UserLimit table has the proper number of concurrent logins records, I don't need to check any further.