Expand description
Active admin sessions management — the security-oversight completion of the session model
(models::session, docs/archive/WEBAUTHN_DESIGN.md): see who is currently signed in (token or
passkey) and revoke a compromised identity’s sessions. Uniform authz — any signed-in admin may
view + revoke.
Session ids are never exposed (the id is the bearer credential): the read surface shows owner / method / times only, and revocation is per-owner (by the non-secret owner name), not per-opaque-id. “This is your current session” is computed server-side by comparing the row id to the request’s cookie, without surfacing either.
Structs§
- Revoke
AckDto - Acknowledgement of a session revoke: the identity and how many of its sessions were ended.
- Session
Dto - An active admin session as exposed over the API/UI. No session id (it is the credential): owner + how they signed in + when, and whether it is the viewer’s current browser session.
Functions§
- api_
revoke_ sessions - Revokes all of an identity’s sessions (agent twin of the screen’s revoke). Token-gated
(the
Actorguard) and audited — for automated security response (kick out a compromised account everywhere). Referenced by the non-secret owner name, never a session id. Idempotent: an identity with no sessions revokes0. Sessions are ephemeral auth state, not historical record, so this mutation is exposed to agents (unlike the immutable history tables). - api_
sessions - The active sessions (agent twin of the
/admin/sessionsscreen): who is currently signed in. Token-gated (the active-identity list is sensitive).503if the pool is exhausted. - revoke_
owner_ sessions - Revokes all of an identity’s sessions (
POST /admin/sessions/revoke?<owner>) — sign-out- everywhere, or kicking out a compromised account. Referenced by the non-secret owner name (never a session id). Redirects back to the screen. Signed-in admins only. - routes
- The human sessions screen + revoke (the agent
api_sessionsis mounted viafrontend::apidoc). - sessions_
page - The active-sessions screen (
GET /admin/sessions): who is signed in, with per-identity revoke. Signed-in admins only (unauthenticated → sign-in page, returning here).