Session Management

The Session Management API provides administrative REST endpoints to forcibly terminate active user sessions in nevisAuth without triggering federated logout flows such as SAML Single Logout or OIDC back-channel logout. It is designed for operational and security response scenarios such as account deactivation, forced logout after a credential compromise, or bulk session cleanup during maintenance. For bulk termination by user attribute, the session indexing feature must be enabled in nevisAuth and configured for the attribute used in the request. Connected nevisProxy instances detect terminated sessions on the next polling cycle when the terminated-session polling feature is enabled on the proxy side.

📄️ Terminate sessions by attribute

Terminates all sessions associated with a user identified by an attribute name and value pair,

📄️ Terminate a session by session ID

Terminates a single session identified by its unique session ID and removes it from the nevisAuth session database.