Session Management
This page explains how session management works inside SecureAuth.
SecureAuth includes advanced multi-device session management for secure account access and active session monitoring.
SecureAuth session management provides:
- Multi-device login support
- Active session tracking
- Remote session revocation
- Device monitoring
- Secure session validation
After successful authentication:
- A JWT token is generated
- A session is created securely
- Device information is stored
- The session is linked to the authenticated user
- A secure cookie is created
- Protected access is granted
SecureAuth allows users to stay logged in across multiple devices.
Supported devices:
- Desktop browsers
- Mobile browsers
- PWA installations
Each session stores device-related information.
Examples:
- Browser information
- Login timestamp
- Device activity
- Session identifier
Sessions are protected using multiple security layers.
Includes:
- JWT validation
- Session expiration checks
- Secure cookie storage
- Device verification
SecureAuth stores authentication tokens using HTTP-only cookies.
Benefits:
- Prevents JavaScript access
- Reduces XSS risks
- Improves session security
Users can view active sessions.
Features:
- Current device detection
- Login activity monitoring
- Session status tracking
Users can revoke sessions remotely.
Useful for:
- Lost devices
- Unauthorized access
- Security incidents
Request:
DELETE /api/auth/sessions/:sessionId
Request:
DELETE /api/auth/sessions/others
GET /api/auth/sessions
DELETE /api/auth/sessions/:sessionId
DELETE /api/auth/sessions/others
SecureAuth can identify the current active device session.
Benefits:
- Easier session management
- Better security awareness
Sessions may expire automatically after inactivity or token expiration.
Benefits:
- Reduces unauthorized access risks
- Improves security protection
If suspicious activity is detected:
- Revoke sessions immediately
- Re-authenticate users
- Rotate credentials if necessary
Session management security includes:
- Secure JWT validation
- Device verification
- Session expiration checks
- Protected API access
User Login
↓
OTP Verification
↓
JWT Token Created
↓
Session Stored
↓
Secure Cookie Created
↓
Protected Access Granted
↓
Session Monitoring
↓
Session Expiration or Revocation
Logging out removes the active session.
Changing JWT_SECRET invalidates all sessions.
Revoked sessions immediately lose access to protected routes.
Example response:
{
  "error": "Session expired"
}
Solution:
- Log in again
Example response:
{
  "error": "Invalid session"
}
Solution:
- Clear cookies
- Log in again
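The behaviour described above (revoked sessions lose access at once, a changed JWT_SECRET invalidates every session, and the two error responses) can be sketched as follows. This is an added example, not SecureAuth's own code. Assumptions: an in-memory `Map` as the session store, a hand-written HS256 routine in place of a JWT library, hypothetical function names, and a mapping in which a bad signature or a missing server-side record yields "Invalid session" while a passed expiry yields "Session expired".

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const mac = (d, key) => crypto.createHmac('sha256', key).update(d).digest('base64url');

// Minimal HS256 JWT, written out so the example has no dependencies.
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${mac(`${head}.${body}`, secret)}`;
}

function verifyToken(token, secret) {
  const [head, body, sig] = String(token).split('.');
  if (!head || !body || !sig) return null;
  const expected = Buffer.from(mac(`${head}.${body}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm
    return JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch { return null; }
}

// Hypothetical in-memory store: sessionId -> { userId, userAgent, expiresAt }.
const sessions = new Map();

function createSession(userId, userAgent, secret, now, ttlSec = 3600) {
  const sid = crypto.randomUUID();
  sessions.set(sid, { userId, userAgent, expiresAt: now + ttlSec });
  return { sid, token: signToken({ sub: userId, sid, exp: now + ttlSec }, secret) };
}

// Check a protected route would run: signature first, then the server-side record.
function checkSession(token, secret, now) {
  const claims = verifyToken(token, secret);
  const session = claims && sessions.get(claims.sid);
  if (!session || session.userId !== claims.sub) return { ok: false, error: 'Invalid session' };
  if (now >= claims.exp || now >= session.expiresAt) return { ok: false, error: 'Session expired' };
  return { ok: true, userId: session.userId, sid: claims.sid };
}

// What DELETE /api/auth/sessions/:sessionId has to do: owner check, then delete.
function revokeSession(userId, sid) {
  const owned = sessions.get(sid)?.userId === userId;
  return owned && sessions.delete(sid);
}
```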
For improved session security:
- Revoke unused sessions
- Use HTTPS only
- Monitor login activity
- Avoid shared devices
Secure • Fast • Modern ⚡
SecureAuth