Add session management with active session listing and revocation

🔧 **Title:** Add session management with active session listing and revocation

📘 **Description**
Users have no visibility into their active sessions and cannot revoke a session if their device is lost or stolen. This is a basic security feature for any financial application.

✅ **Acceptance Criteria**
- [ ] Store session metadata (device, IP, last active) in a `Session` database model
- [ ] Add `GET /api/auth/sessions` endpoint listing all active sessions
- [ ] Add `DELETE /api/auth/sessions/:id` to revoke a specific session
- [ ] Add `DELETE /api/auth/sessions` to revoke all sessions (logout everywhere)
- [ ] Show active sessions in `AccountSettings.jsx`
- [ ] Add tests for session listing and revocation

🔧 **Context:** `backend/src/routes/auth.js`; `frontend/src/components/AccountSettings.jsx`.

---

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add session management with active session listing and revocation #580

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Add session management with active session listing and revocation #580

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions