I would second the tomcat's suggestion. But here I would create a webpage and based on the operator sites, I would first list the session information corresponding to the site and user. Then through the web front end would gather the inforamation from the operator and then invoke the database package to delete the session using alter system and then also log the information on the session to a log table with the time of delete and the person who deleted it. This way it would keep track of things and also would help you to answer some questions if one were to be raise to you.
I've seen problems before with the unix process hanging out there, with the Oracle process in a KILLED status in v$session. If you've been doing this for them, and haven't had any problems - then it's probably fine.
I would put someway in the procedure to limit what sessions can be killed, you need someway for the operator to identify the session. You wouldn't want them getting the wrong session...
"False data can act only as a distraction. Therefore. I shall refuse to perceive you." - Bomb #20