Session Management
Feature Detail
Description
Session Management gives organization administrators visibility into active user sessions within their tenant and the ability to revoke them individually or in bulk. Admins can view active sessions with user identity and last-activity timestamps, force sign-out of specific users, and invalidate the full refresh-token chain for an account. The feature is essential for incident response to compromised accounts, offboarding departing users, and enforcing access policy changes without waiting for natural token expiry.
Sources & reasoning
The Authentication Module capabilities list explicitly names "Session revocation (sign-out, forced expiry, admin-initiated)" as a core capability. The Global Admin time-bounded access model further requires revocation to take effect immediately on expiry or manual revocation. The blueprint places this under admin-security as MVP, confirming it is required at launch for the admin portal.
No source references — this artifact was included based on reasoning alone (see above).
Analysis
Immediate session revocation is a critical incident response capability for organizations managing peer mentors with access to sensitive contact and assignment data. When an account is compromised or a user offboarded, waiting for natural token expiry leaves a window of unauthorized access. The feature also supports the Global Admin time-bounded access model: when a support window expires or is manually revoked, active sessions must terminate immediately. This directly underpins the platform's GDPR data protection obligations and the strict tenant isolation model. Without it, organizations cannot guarantee that access ends when authorization ends - a fundamental data protection requirement.
Session state is managed in the sessions and refresh_tokens tables. The Session Management UI queries active sessions scoped to the admin's tenant, joining with users to show display names and last-activity timestamps. Revocation calls the Authentication Module's revocation endpoint, marking the session and refresh-token chain as invalid. The mobile API client (ApiHttpClient) treats revocation-specific 401 responses as non-retryable, forcing the user to the login screen. Admin-initiated revocations are recorded in the audit log. Cross-tenant session access is never permitted; even a Global Admin needs an explicit time-bounded support access grant for the target organization.
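The revocation flow above, as an added illustration that is not the platform's own code: an in-memory model of the sessions and refresh_tokens tables (field names assumed), tenant-scoped revocation that invalidates the whole refresh-token chain, an audit-log entry per revocation, and a cross-tenant check that requires an explicit support grant.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed stand-ins for the sessions and refresh_tokens tables (field names assumed).
@dataclass
class Session:
    id: str
    user_id: str
    tenant_id: str
    revoked: bool = False

@dataclass
class RefreshToken:
    session_id: str  # every rotated token stays linked to the session that issued it
    revoked: bool = False

class SessionStore:
    def __init__(self):
        self.sessions: dict[str, Session] = {}
        self.refresh_tokens: dict[str, RefreshToken] = {}
        self.audit_log: list[dict] = []
        # (admin_id, tenant_id) pairs holding an active time-bounded support grant
        self.support_grants: set[tuple[str, str]] = set()

    def can_access(self, admin_id: str, admin_tenant: str, target_tenant: str) -> bool:
        # Cross-tenant access is never implicit, even for a Global Admin: it needs a grant.
        return target_tenant == admin_tenant or (admin_id, target_tenant) in self.support_grants

    def revoke_user(self, admin_id: str, admin_tenant: str, target_tenant: str, user_id: str) -> int:
        # Force sign-out of one user; returns the number of sessions revoked.
        if not self.can_access(admin_id, admin_tenant, target_tenant):
            raise PermissionError("cross-tenant session access denied")
        revoked = 0
        for s in self.sessions.values():
            if s.tenant_id == target_tenant and s.user_id == user_id and not s.revoked:
                s.revoked = True
                revoked += 1
                # Invalidate the whole refresh-token chain, not only the newest token
                for t in self.refresh_tokens.values():
                    if t.session_id == s.id:
                        t.revoked = True
        self.audit_log.append({"action": "session.revoke", "actor": admin_id, "tenant": target_tenant,
                               "target_user": user_id, "sessions": revoked,
                               "at": datetime.now(timezone.utc).isoformat()})
        return revoked

    def refresh(self, token_id: str) -> bool:
        # A refresh with a token from a revoked session must fail rather than be retried.
        t = self.refresh_tokens.get(token_id)
        return t is not None and not t.revoked and not self.sessions[t.session_id].revoked
```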
Components (46)
Shared Components
These components are reused across multiple features
Service Layer (11)
Data Layer (23)
Infrastructure (7)
User Stories
No user stories have been generated for this feature yet.