it's not entirely what you want, but the authentication schemes contain a hook for a verify function. If this returns false, APEX creates a new session. The verify function could compare the session's version of most current month (e.g. stored in an app item) with the actual value. I would prefer this to an application process. As for the lookup, maybe it can be made more efficient by a result cached function, a materialized view or a global application context?
We do not have a public API to log out all users of an application. You could directly access the repository (e.g. delete from wwv_flow_sessions$), but I will never recommend that on the forum, not even to you ;-)