Ahem, the problem is:
People have programmed automated processes to spam the login (I know a guy who did it, he manages to log in eventually) and some people probably have triggers on their processes so kicking them out with a server restart will trigger their process and they're going to spam the server with login requests again. Chances are their trigger will start spamming the login before you do, hence them logging in and not you.

What they(Square) should do is just change a little detail in their login process to prevent a simple macro from being able to spam the login