That looks like the gist of it, but I am not sure you need to grant anyone VIEW SERVER STATE...all members of public are able to view their own sessions in sys.dm_exec_sessions, so I am not sure you need to use sys.dm_exec_sessions.

You'll need to carry some metadata somewhere to list the logins that get kicked out when they exceed the max number of sessions, whether that be in a table in a utility database or hardcoded into the trigger. At the end of the day though, this is a custom feature of the instance so make sure you full document it so it can be properly maintained. Compiling a bad logon trigger can have a major, negative effect on the instance.