Unfortunately, the answer to both of these questions would be no as far as I know.
A webhook would just let you know that it already happened, you’d have no way to intercept it. And if I’m not mistaken I think I read somewhere on here that the user login / logout webhook events are not working anymore (even though you might still be able to find them in the docs).
I’m afraid this is a no as well. For the Atlassian Cloud you have to think differently about add-ons/apps that you do on Server. On Server, you can do full-fledged apps that can change existing functionality, add new features or even take unwanted functionality away. In the Cloud, you can only add new functionality and that only in sandboxed and limited ways.
So, in the Cloud you’ll have to view apps more as external standalone services that you are integrating into your Atlassian host - not really as add-ons like you do on Server. You can not change how an existing button in Confluence or Jira looks or behaves. You cannot remove any features you don’t like or would need to remove to comply with certain formal restrictions. You have to accept the base product as is and can only add new features for example in the form of a panel that displays new information on your issues or a Confluence macro that does the same.
I don’t think there is API providing the last login time of a cloud user. Since you also asked this in Cloud User last login time or User last active... add on about, I assume you are developing a Jira Cloud app so you should make sure you are familiar with the following documentation relevant to user data: