May be, just may be following would work ( we did it long back(1997) and we did it for object privileges not for the system privilege, that’s why I’m not so sure ) :

Create a role say SSN with a password.

Assign necessary privileges say ALTER SESSION.

Grant the role to the user.

Alter user assigned defualt role giving every other role but leaving SSN. That way when they login, only default roles will be enabled.

Then create a form (or a pl/sql procedure ) to allow them to kill their own session, you need to figure out which session to kill of course, since user will have additional session for the Form as well.

In the pre-form trigger ( or in the beginning of the pl/sql) , enable role SSN using dbms_session.set_role.