Skip to main content

One active session per user

The revoke_active_sessions action is used to log out a user from all other active sessions. This ensures that every user has exactly one active session and device at a time.

For example, if a user logs in to your application on multiple devices, the revoke_active_sessions action can be used to log out the user from all other devices when they sign in on a new device. This ensures that the user is only able to access the application from one device at a time and improves the overall security of your application.

The revoke_active_sessions action can also be used to log out a user when they change their password or perform other security-related actions. This ensures that the user is immediately logged out from all other devices and prevents unauthorized access to the application.

By using the revoke_active_sessions action in combination with other security measures, you can ensure that users are only able to access the application from one device at a time and improve the overall security of your application.

Toggle action

Run this command:

ory patch identity-config --project <project-id> --workspace <workspace-id> \
--add '/selfservice/flows/login/after/hooks/0/hook="revoke_active_sessions"'