Sorry to hear you’re experiencing this difficulty.
Can you please provide more details on what you mean by runaway sessions? Are the clients that created the sessions still sending requests, or have they stopped sending requests? Are the existing requests stalled?
Additionally, are the existing clients creating new sessions under that user?
I’m not aware of any functionality that we’ve built to forcibly terminate existing user sessions.
I’ve confirmed that dropping a user does not disconnect existing user sessions for that user, which is somewhat surprising.
REVOKE'd all permissions from that user, though, the user’s session should be pretty well locked down - any operation that the user tries to perform on the cluster that touches actual tables will fail.
To actually drop the sessions, I think you’d need to get the clients to close their connections. You could also reboot the gateway node, but that might be undesirable if you have other traffic on the cluster, of course.