Learn how to manage concurrent active sessions, authorize concurrent devices, and remotely revoke sessions instantly.
A premium flat layout replacing outdated nested containers.
View sessions cleanly as separate card elements, improving scannability on both mobile and web browsers.
DeviceSecurityGuide.sessionList.s2.content
The active session is flagged with a 'This Device' tag, disabling the block/revoke buttons to prevent accidental self-lockouts.
Modern recognition securing users against IP-switching locks.
Registers a persistent UUID locally on your device. Changing networks (WiFi to 4G) maintains device trust without blocking access.
When there are no trusted devices registered (first-ever login or after password resets), the system trusts the first device automatically.
Subsequent concurrent logins from recognized but untrusted devices are held PENDING and locked until approved.
Secure, fast authorization for new concurrent devices.
Multiple pending attempts from a single IP are grouped into a single card showing the latest request, avoiding list clutter.
Approving a card authorizes the device and automatically purges older duplicates. Rejecting wipes all IP pending sessions in a single step.
Untrusted devices display the trust modal. The frontend fallbacks to polling every 3 seconds to trigger immediate dashboard redirects once approved.
Instant, real-time eviction of compromised devices.
Clicking Revoke broadcasts real-time WebSocket events. The remote device is immediately logged out and redirected to /login.
The target browser leverages standard BroadcastChannel to evict and log out all active tabs simultaneously.
System administrators can trigger 'Revoke All Devices' across all users, secured via Admin Step-Up Authentication.