ACCOUNT

Account & sessions.

Inspect every active sign-in for your account and revoke any you don't recognise. Sessions are stored as a SHA-256 hash of a 256-bit random id; the cleartext lives only in your HttpOnly cookie. Revoking a row sets revoked_at in the database — the row stays for the audit log.

Loading sessions…