Active Sessions

Monitor and control where your account is signed in. Revoke specific devices or sign out everywhere for enhanced security. Active Sessions management helps you maintain account security by tracking and controlling access across all devices and applications.

Accessing Active Sessions

Navigate to Settings > Sessions (or Settings > Active Sessions & OAuth Consents) to view and manage your active sessions.

Session Management: The Active Sessions page provides comprehensive session management across all devices and OAuth applications you've authorized.

Review Sessions

From Settings > Sessions, you can see detailed information about each active session:

Session Information Displayed

Device Description: Browser and operating system information (e.g., "Chrome on macOS")

Location: Geographic location based on IP address (e.g., "San Francisco, CA, US")

Masked IP Address: Partially masked IP address for privacy (e.g., "192.168.1.•••")

Last Activity: Time since last activity (e.g., "2 hours ago", "yesterday")

App Type: Application type (Web, Admin, Sync, Mobile, OAuth)

Session Type: Type of session (web session, OAuth consent, etc.)

Current Session Indicator: Your current session is highlighted with a border and "Current" badge

Session Types

Web Sessions: Browser-based sessions from the Clear Ideas web application

Admin Sessions: Sessions from the Clear Ideas Admin application

Sync Sessions: Sessions from the Clear Ideas Sync desktop application

Mobile Sessions: Sessions from mobile applications

OAuth Consents: Authorized OAuth applications with access to your account

OAuth Consents

OAuth consents show:

• Client Name: Name of the OAuth application
• Client Description: Description of the application
• Consented At: When you authorized the application
• Last Activity: Last time the application accessed your account

Managing Sessions

Refresh Sessions

Refresh Sessions: Click Refresh Sessions to update the session list with the latest information.

When to Refresh: Refresh when you want to see the most current session status and activity.

Logout Current Session

Logout (Current): End your current session.

Process:

1. Find your current session (highlighted with "Current" badge)
2. Click Logout button
3. You are immediately logged out and redirected to the login page

Effect: Your current session ends immediately. You'll need to log in again to continue using Clear Ideas.

Revoke Other Sessions

Revoke (Other): Immediately sign out a selected device.

Process:

1. Find the session you want to revoke
2. Click Revoke button
3. Confirm the action
4. The session is terminated immediately

Effect: The selected session ends immediately. The user on that device will need to log in again.

Use Cases:

• Revoke access from a lost or stolen device
• End sessions on shared computers
• Terminate suspicious or unauthorized access
• Clean up old sessions

Logout All Devices

Logout All Devices: Terminate all sessions across apps and devices.

Process:

1. Scroll to the Security Actions section
2. Click Logout All Devices
3. Confirm the action in the dialog
4. All sessions are terminated immediately

Effect:

• All active sessions across all devices and applications are terminated
• You are logged out from all devices
• You'll need to log in again on any device you want to use
• Access Keys are NOT affected - API access keys remain active

Warning: This action cannot be undone. Any unsaved work in other tabs or devices may be lost.

When to Use:

• Security breach or suspected unauthorized access
• Lost or stolen device
• Account compromise concerns
• Complete account reset

Session Expiration

Automatic Expiration

Automatic Expiration: Sessions expire automatically after 30 days of inactivity.

Inactivity Period: If a session has no activity for 30 days, it expires automatically.

Activity Reset: Any activity resets the expiration timer.

Expired Sessions: Expired sessions are automatically removed and no longer appear in the session list.

Session Lifecycle

Creation: Sessions are created when you log in to Clear Ideas

Activity: Sessions remain active as long as there's activity within 30 days

Expiration: Sessions expire after 30 days of inactivity

Removal: Expired sessions are automatically removed from the session list

Security Best Practices

Regular Review

Weekly Checks: Review your active sessions weekly to identify any unfamiliar access

Monthly Audit: Perform monthly audits to ensure all sessions are legitimate

Immediate Action: Revoke any suspicious or unfamiliar sessions immediately

Recognizing Suspicious Sessions

Unfamiliar Location: Sessions from locations you haven't visited

Unknown Device: Sessions from devices you don't recognize

Unexpected App Type: Sessions from applications you don't use

Recent Activity: Activity when you weren't using Clear Ideas

Proactive Security

Revoke Unused Sessions: Regularly revoke sessions from devices you no longer use

Logout from Shared Devices: Always logout from shared or public computers

Monitor OAuth Consents: Review and revoke OAuth applications you no longer use

Use Logout All: Use "Logout All Devices" if you suspect any security issues

OAuth Consent Management

Viewing OAuth Consents

OAuth consents appear in the session list with:

• OAuth badge indicator
• Client name and description
• Consent date
• Last activity timestamp

Revoking OAuth Consents

To revoke an OAuth consent:

1. Find the OAuth consent in the session list
2. Click Revoke
3. Confirm the action
4. The OAuth application loses access immediately

Effect: The OAuth application can no longer access your account. You'll need to re-authorize if you want to use it again.

Troubleshooting

Session Not Appearing

Refresh: Click "Refresh Sessions" to update the list

Wait: New sessions may take a moment to appear

Check Filters: Ensure you're viewing all session types

Cannot Revoke Session

Current Session: You cannot revoke your current session (use Logout instead)

Already Expired: The session may have already expired

Permissions: Ensure you have permission to manage sessions

Unexpected Logout

Session Expired: Your session may have expired due to inactivity

Revoked: Someone with access may have revoked your session

Logout All: "Logout All Devices" may have been used

Related Documentation

• Access Keys - Manage API access keys (not affected by session management)
• Encryption and Privacy - Learn about security practices