Sessions & Devices

TaskView tracks every login as a separate session. You can see all active sessions, identify which device each session belongs to, and close sessions remotely.

How sessions work

When you log in from any device (browser, mobile app), TaskView creates a session record with:

• Device name - automatically parsed from User-Agent (e.g. "Chrome 120, macOS", "Safari 17, iPhone")
• IP address - the IP used at login time
• Created at - when the session was created
• Last used - when the session was last active

The JWT token issued at login contains the session ID. On each request, TaskView verifies that the session still exists - if it's been revoked, the token is rejected.

Viewing sessions

1. Go to Account → Sessions
2. See all active sessions with device name, IP, and timestamps
3. Your current session is marked

Closing a session

Click the close button on any session to revoke it. The user on that device will be signed out on their next request.

You cannot close your current session from this page - use the regular logout instead.

Closing all other sessions

Click "Close all other sessions" to sign out of every device except the one you're currently using. Useful if you suspect unauthorized access.

API reference

All endpoints require JWT authentication. API tokens cannot manage sessions.

List sessions

GET /module/sessions

Returns all active sessions for the current user. Each session includes an isCurrent flag.

Close a session

DELETE /module/sessions

{
  "id": 42
}

Returns 400 if you try to close the current session.

Close all other sessions

DELETE /module/sessions/all

Closes all sessions except the current one.