[Week 4] Implement Session Management Endpoints #15

@asyncnavi

Description

Implement endpoints to list and manage user sessions across multiple devices.

Endpoints

List Active Sessions

GET /api/auth/sessions

Revoke Specific Session

POST /api/auth/revoke-session/:id

Revoke All Other Sessions

POST /api/auth/revoke-all-sessions

Tasks

  • Create list sessions endpoint
  • Return session details with device info
  • Implement revoke specific session
  • Implement revoke all other sessions (keep current)
  • Update session status in database
  • Send notifications for revoked sessions

List Sessions Response

{
  "success": true,
  "data": {
    "sessions": [
      {
        "id": "session_uuid",
        "device_type": "mobile",
        "device_id": "device_123",
        "ip_address": "192.168.1.1",
        "user_agent": "Mozilla/5.0...",
        "last_active": "2026-01-10T12:00:00Z",
        "current": true
      },
      {
        "id": "session_uuid_2",
        "device_type": "desktop",
        "last_active": "2026-01-09T15:30:00Z",
        "current": false
      }
    ]
  }
}

Revoke Session Response

{
  "success": true,
  "message": "Session revoked successfully"
}

Business Rules

  • Users can only manage their own sessions
  • Current session marked with current: true
  • Cannot revoke current session via revoke-all
  • Send email notification when session is revoked

Use Cases

  • User lost device - revoke that device's session
  • Security concern - revoke all sessions and re-login
  • Session management UI

Definition of Done

  • All endpoints implemented
  • Session listing working
  • Revoke operations functional
  • Notifications sent
  • Tests passing
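
A sketch of the ownership and keep-current checks from the Business Rules, as an added example that is not part of the original issue or the project's code. The in-memory store, the `user_id` and `revoked` fields, the `auth` object and the 404 error body are assumptions made for illustration.

```javascript
// Added example; field names user_id and revoked are assumptions.
// Constructed sample data standing in for the sessions table.
function makeStore() {
  return new Map([
    ["s1", { id: "s1", user_id: "alice", device_type: "mobile", revoked: false }],
    ["s2", { id: "s2", user_id: "alice", device_type: "desktop", revoked: false }],
    ["s3", { id: "s3", user_id: "bob", device_type: "desktop", revoked: false }],
  ]);
}

// `auth` = { userId, sessionId } must come from the verified session token,
// never from the request body or query string.

// GET /api/auth/sessions
function listSessions(store, auth) {
  return [...store.values()]
    .filter((s) => s.user_id === auth.userId && !s.revoked)
    .map(({ user_id, revoked, ...pub }) => ({ ...pub, current: pub.id === auth.sessionId }));
}

// POST /api/auth/revoke-session/:id
function revokeSession(store, auth, id) {
  const s = store.get(id);
  // Identical 404 for "no such session" and "someone else's session",
  // so the endpoint cannot be used to probe for valid session ids.
  if (!s || s.revoked || s.user_id !== auth.userId) {
    return { status: 404, body: { success: false, message: "Session not found" } };
  }
  s.revoked = true;
  return { status: 200, body: { success: true, message: "Session revoked successfully" } };
}

// POST /api/auth/revoke-all-sessions
function revokeAllOtherSessions(store, auth) {
  const revokedIds = [];
  for (const s of store.values()) {
    if (s.user_id === auth.userId && s.id !== auth.sessionId && !s.revoked) {
      s.revoked = true;
      revokedIds.push(s.id); // caller would send one notification per id
    }
  }
  return { status: 200, body: { success: true }, revokedIds };
}
```

The "Tests passing" item should include a case where one user submits another user's session id and gets the same response as for an unknown id.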
