Best way to set the time in a session on login success is to add a set set session value server behavior on the login success redirect.
Set the trigger to session does not exist. Set the value to <?php echo(date("m/d/Y")); ?>
to count the failed logins, you could create a table to hold the login count. On the failed login page, create a recordset to return the currant failed count.
Add an update record server behavior to the page and set the count column to use the recordset count + 1.