# POST /auth/clear-sessions

[back to auth](README.md) /// [home](../README.md)

Adminier endpoint to nuke all active sessions for a specific user. Useful when you need to force someone to relogin or if an account might be compromised.

Requires a power level equal to or greater than `min_clear_sessions_power` (configurable).

## Request Body

```json
{
  "user_id": 42
}
```

| Field     | Type    | Required | Notes                                        |
|-----------|---------|----------|----------------------------------------------|
| `user_id` | integer | yes      | the user whose sessions you want to kill duh |

## Success Response (200)

```json
{
  "success": true,
  "sessions_cleared": 3,
  "user_id": 42
}
```

`sessions_cleared` tells you how many sessions were murdered. If the user had no active sessions its 0 and thats still a success.

## Error Responses

| Code | When                        |
|------|-----------------------------|
| 401  | no token or invalid session |
| 403  | your power level is too low |

The 403 error message optionally may tell you what power level is required.

## Notes

- this only affects the targeted users sessions obv. your own stays alive
- works on any user including yourself if you want to nuke your own other sessions
- cleared sessions are removed from both the in memory cache and the database (if persistent sessions are on and supported obv.)