POST /auth/clear-sessions
back to auth /// home
Adminier endpoint to nuke all active sessions for a specific user. Useful when you need to force someone to relogin or if an account might be compromised.
Requires a power level equal to or greater than min_clear_sessions_power (configurable).
Request Body
{
"user_id": 42
}
| Field | Type | Required | Notes |
|---|---|---|---|
user_id |
integer | yes | the user whose sessions you want to kill duh |
Success Response (200)
{
"success": true,
"sessions_cleared": 3,
"user_id": 42
}
sessions_cleared tells you how many sessions were murdered. If the user had no active sessions its 0 and thats still a success.
Error Responses
| Code | When |
|---|---|
| 401 | no token or invalid session |
| 403 | your power level is too low |
The 403 error message optionally may tell you what power level is required.
Notes
- this only affects the targeted users sessions obv. your own stays alive
- works on any user including yourself if you want to nuke your own other sessions
- cleared sessions are removed from both the in memory cache and the database (if persistent sessions are on and supported obv.)