Service Layer high complexity backend
Dependencies: 2
Dependents: 4
Entities: 3
Integrations: 0

Description

Core business logic service for listing, monitoring, and terminating user sessions across both mobile (JWT refresh tokens) and admin portal (HTTP-only cookie) session types. Enforces configurable expiry policies stored in organization_settings and writes termination events to the audit log.

Feature: Session Management

session-management-service

Responsibilities

  • List active sessions for all users within an organization
  • Execute remote session termination by marking session records as revoked
  • Enforce configurable idle timeout and absolute session lifetime policies from organization_settings
  • Emit structured audit log entries on each termination event
  • Support revocation checks against refresh token hashes for mobile JWT flows

Interfaces

getActiveSessions(organizationId: string): Promise<Session[]>
terminateSession(sessionId: string, terminatedByAdminId: string): Promise<void>
terminateAllSessionsForUser(userId: string, terminatedByAdminId: string): Promise<void>
getSessionPolicy(organizationId: string): Promise<SessionPolicy>
isSessionRevoked(refreshTokenHash: string): Promise<boolean>
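
The following is an added illustration, not this service's own code: a synchronous in-memory sketch of the revocation check, audited termination, and the idle and absolute expiry policies listed above. The field names, the `sessionState` and `mayRefresh` helpers, the explicit `now` parameter, and the fail-closed handling of unknown hashes are assumptions.

```typescript
// Added example: field names and the in-memory store are assumptions, not the service's schema.
interface SessionPolicy { idleTimeoutMs: number; absoluteLifetimeMs: number; }
interface Session {
  id: string; userId: string; refreshTokenHash: string;
  createdAt: number; lastSeenAt: number; revokedAt: number | null;
}
interface AuditEntry {
  event: "session.terminated"; sessionId: string; userId: string;
  terminatedByAdminId: string; at: number;
}
type SessionState = "active" | "revoked" | "idle_expired" | "lifetime_expired";

// Revocation is checked first so an admin termination always wins over any timer.
function sessionState(s: Session, p: SessionPolicy, now: number): SessionState {
  if (s.revokedAt !== null) return "revoked";
  if (now - s.createdAt >= p.absoluteLifetimeMs) return "lifetime_expired";
  if (now - s.lastSeenAt >= p.idleTimeoutMs) return "idle_expired";
  return "active";
}

class InMemorySessionStore {
  private byId = new Map<string, Session>();
  private byHash = new Map<string, Session>();
  readonly audit: AuditEntry[] = [];

  add(s: Session): void { this.byId.set(s.id, s); this.byHash.set(s.refreshTokenHash, s); }

  // Marks the record revoked and emits exactly one audit entry; repeat calls are no-ops.
  terminateSession(sessionId: string, terminatedByAdminId: string, now: number): boolean {
    const s = this.byId.get(sessionId);
    if (!s || s.revokedAt !== null) return false;
    s.revokedAt = now;
    this.audit.push({ event: "session.terminated", sessionId, userId: s.userId, terminatedByAdminId, at: now });
    return true;
  }

  // Fails closed (assumption): an unknown hash counts as revoked, so the refresh is refused.
  isSessionRevoked(refreshTokenHash: string): boolean {
    const s = this.byHash.get(refreshTokenHash);
    return s === undefined || s.revokedAt !== null;
  }

  // Refresh gate for the mobile JWT flow: revocation and both expiry policies must pass.
  mayRefresh(refreshTokenHash: string, p: SessionPolicy, now: number): boolean {
    const s = this.byHash.get(refreshTokenHash);
    if (!s || sessionState(s, p, now) !== "active") return false;
    s.lastSeenAt = now; // activity resets the idle timer, never the absolute lifetime
    return true;
  }
}
```
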

Related Data Entities (3)

Data entities managed by this component