There are multiple ways to manage the user session, one you already described by saving the attribute. Second, you can use admin key to get the user session like if the user session exists on the server then disable that session and re-create a new one.
How and What role of admin key for getting the user session?
Ans: You can write server-side custom code where you inject the admin key and based on username, you can get the session on the server. Here why we are suggesting custom code because enabling admin key on the application side is not good as any potential programmer can get your admin key by debugging the code.
Please find below links which help you to integrate the same:
In case you need any other help, please feel free to let us know.