If you running OpenAM in MULTI_SERVER_MODE (you have site configuration) it seems that you cannot use "Maximum number of concurrent sessions allowed for a user" limit if do not use Session Fail Over (SFO).
Why this limitation to use session quota / user? SessionCount.getAllSessionsByUUID(String id) method implementation seems to even support session calculations from other member of sites.
If you cannot limit easily session / user this is critical security issue. Some evil user/hacker could cause denial-of-service attack with one own or stolen user identity to OpenAM.
Session limit / user configuration cannot be related to SFO. There should be at least lite way limit user sessions even per server.