--- title: Active Sessions description: >- Monitor and control active sessions in Clear Ideas. Review device access, manage security, and revoke sessions for enhanced account protection. ogTitle: Active Sessions Guide ogDescription: >- Learn to monitor active sessions in Clear Ideas. Control device access, review security, and manage session revocation for account protection ogImage: /assets/images/og/guide-active-sessions.webp navigation: icon: fasl fa-shield-alt --- # Active Sessions Monitor and control where your account is signed in. Revoke specific devices or sign out everywhere for enhanced security. Active Sessions management helps you maintain account security by tracking and controlling access across all devices and applications. ## Accessing Active Sessions Navigate to **Settings > Sessions** (or **Settings > Active Sessions & OAuth Consents**) to view and manage your active sessions. **Session Management**: The Active Sessions page provides comprehensive session management across all devices and OAuth applications you've authorized. ## Review Sessions From **Settings > Sessions**, you can see detailed information about each active session: ### Session Information Displayed **Device Description**: Browser and operating system information (e.g., "Chrome on macOS") **Location**: Geographic location based on IP address (e.g., "San Francisco, CA, US") **Masked IP Address**: Partially masked IP address for privacy (e.g., "192.168.1.•••") **Last Activity**: Time since last activity (e.g., "2 hours ago", "yesterday") **App Type**: Application type (Web, Admin, Sync, Mobile, OAuth) **Session Type**: Type of session (web session, OAuth consent, etc.) **Current Session Indicator**: Your current session is highlighted with a border and "Current" badge ### Session Types **Web Sessions**: Browser-based sessions from the Clear Ideas web application **Admin Sessions**: Sessions from the Clear Ideas Admin application **Sync Sessions**: Sessions from the Clear Ideas Sync desktop application **Mobile Sessions**: Sessions from mobile applications **OAuth Consents**: Authorized OAuth applications with access to your account ### OAuth Consents OAuth consents show: - **Client Name**: Name of the OAuth application - **Client Description**: Description of the application - **Consented At**: When you authorized the application - **Last Activity**: Last time the application accessed your account ## Managing Sessions ### Refresh Sessions **Refresh Sessions**: Click **Refresh Sessions** to update the session list with the latest information. **When to Refresh**: Refresh when you want to see the most current session status and activity. ### Logout Current Session **Logout (Current)**: End your current session. **Process**: 1. Find your current session (highlighted with "Current" badge) 2. Click **Logout** button 3. You are immediately logged out and redirected to the login page **Effect**: Your current session ends immediately. You'll need to log in again to continue using Clear Ideas. ### Revoke Other Sessions **Revoke (Other)**: Immediately sign out a selected device. **Process**: 1. Find the session you want to revoke 2. Click **Revoke** button 3. Confirm the action 4. The session is terminated immediately **Effect**: The selected session ends immediately. The user on that device will need to log in again. **Use Cases**: - Revoke access from a lost or stolen device - End sessions on shared computers - Terminate suspicious or unauthorized access - Clean up old sessions ### Logout All Devices **Logout All Devices**: Terminate all sessions across apps and devices. **Process**: 1. Scroll to the **Security Actions** section 2. Click **Logout All Devices** 3. Confirm the action in the dialog 4. All sessions are terminated immediately **Effect**: - All active sessions across all devices and applications are terminated - You are logged out from all devices - You'll need to log in again on any device you want to use - **Access Keys are NOT affected** - API access keys remain active **Warning**: This action cannot be undone. Any unsaved work in other tabs or devices may be lost. **When to Use**: - Security breach or suspected unauthorized access - Lost or stolen device - Account compromise concerns - Complete account reset ## Session Expiration ### Automatic Expiration **Automatic Expiration**: Sessions expire automatically after 30 days of inactivity. **Inactivity Period**: If a session has no activity for 30 days, it expires automatically. **Activity Reset**: Any activity resets the expiration timer. **Expired Sessions**: Expired sessions are automatically removed and no longer appear in the session list. ### Session Lifecycle **Creation**: Sessions are created when you log in to Clear Ideas **Activity**: Sessions remain active as long as there's activity within 30 days **Expiration**: Sessions expire after 30 days of inactivity **Removal**: Expired sessions are automatically removed from the session list ## Security Best Practices ### Regular Review **Weekly Checks**: Review your active sessions weekly to identify any unfamiliar access **Monthly Audit**: Perform monthly audits to ensure all sessions are legitimate **Immediate Action**: Revoke any suspicious or unfamiliar sessions immediately ### Recognizing Suspicious Sessions **Unfamiliar Location**: Sessions from locations you haven't visited **Unknown Device**: Sessions from devices you don't recognize **Unexpected App Type**: Sessions from applications you don't use **Recent Activity**: Activity when you weren't using Clear Ideas ### Proactive Security **Revoke Unused Sessions**: Regularly revoke sessions from devices you no longer use **Logout from Shared Devices**: Always logout from shared or public computers **Monitor OAuth Consents**: Review and revoke OAuth applications you no longer use **Use Logout All**: Use "Logout All Devices" if you suspect any security issues ## OAuth Consent Management ### Viewing OAuth Consents OAuth consents appear in the session list with: - OAuth badge indicator - Client name and description - Consent date - Last activity timestamp ### Revoking OAuth Consents To revoke an OAuth consent: 1. Find the OAuth consent in the session list 2. Click **Revoke** 3. Confirm the action 4. The OAuth application loses access immediately **Effect**: The OAuth application can no longer access your account. You'll need to re-authorize if you want to use it again. ## Troubleshooting ### Session Not Appearing **Refresh**: Click "Refresh Sessions" to update the list **Wait**: New sessions may take a moment to appear **Check Filters**: Ensure you're viewing all session types ### Cannot Revoke Session **Current Session**: You cannot revoke your current session (use Logout instead) **Already Expired**: The session may have already expired **Permissions**: Ensure you have permission to manage sessions ### Unexpected Logout **Session Expired**: Your session may have expired due to inactivity **Revoked**: Someone with access may have revoked your session **Logout All**: "Logout All Devices" may have been used ## Related Documentation - [Access Keys](/security/access-keys) - Manage API access keys (not affected by session management) - [Encryption and Privacy](/security/encryption-and-privacy) - Learn about security practices