auth/clear_sessions.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46


POST /auth/clear-sessions
back to auth /// home
Adminier endpoint to nuke all active sessions for a specific user. Useful when you need to force someone to relogin or if an account might be compromised.
Requires a power level equal to or greater than min_clear_sessions_power (configurable).
Request Body
{
  "user_id": 42
}


Field
Type
Required
Notes


user_id
integer
yes
the user whose sessions you want to kill duh


Success Response (200)
{
  "success": true,
  "sessions_cleared": 3,
  "user_id": 42
}


sessions_cleared tells you how many sessions were murdered. If the user had no active sessions its 0 and thats still a success.
Error Responses


Code
When


401
no token or invalid session


403
your power level is too low


The 403 error message optionally may tell you what power level is required.
Notes

this only affects the targeted users sessions obv. your own stays alive
works on any user including yourself if you want to nuke your own other sessions
cleared sessions are removed from both the in memory cache and the database (if persistent sessions are on and supported obv.)