"Deleting" a session isn't really possible, you'd have to logout the user:
com.mendix.core.Core.logout(getContext().getSession())
As far as I know you can't prevent users from logging in.
If with "can't login" you mean a user isn't allowed to do any actions on the system, you could set a microflow as homepage that checks a Boolean, say LoginAllowed, if it returns false you simply throw the java action Achiel made and a message saying they aren't allowed to login at this time.
I don't believe you can prevent them from trying to login though.