List Sessions
Get all active sessions for the current authenticated user.
Description
The List Sessions endpoint retrieves all active authentication sessions for the authenticated user. This endpoint provides comprehensive visibility into all devices and locations where the user is currently logged in, including session metadata such as IP addresses, user agents, creation times, and last activity timestamps.
This endpoint is part of the Sessions API and is essential for security monitoring and session management. Users can review their active sessions to identify suspicious activity, manage sessions across multiple devices, and revoke access from specific sessions if needed.
Use Cases
- Security Monitoring: Review all active sessions to identify unauthorized access or suspicious activity
- Session Management: Manage multiple active sessions across different devices and locations
- Access Control: Identify and revoke sessions from lost, stolen, or compromised devices
- Activity Tracking: Monitor when and where sessions were created and last used
Workflow Context
This endpoint is typically used:
- Periodically for security audits to review active sessions
- Before revoking a specific session to identify the correct session ID
- When investigating suspicious login activity or unauthorized access
- To manage sessions across multiple devices and browsers
Prerequisites
- User must be authenticated with a valid access token
- Sessions are automatically created on successful login
Quick Navigation
Endpoint
GET /api/v1/sessions
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer <access_token> |
Response
Success (200)
{
"success": true,
"data": {
"sessions": [
{
"id": 123,
"user_id": 456,
"ip_address": "192.168.1.1",
"user_agent": "Mozilla/5.0...",
"created_at": "2024-01-01T12:00:00Z",
"last_activity_at": "2024-01-01T13:30:00Z",
"expires_at": "2024-01-02T12:00:00Z",
"revoked_at": null,
"is_current": true
}
],
"total_count": 3,
"active_count": 3
},
"message": "Sessions retrieved successfully"
}
Features
- Complete Session List: Returns all active (non-revoked) sessions for the authenticated user
- Session Metadata: Includes IP address, user agent, and device information for each session
- Timing Information: Shows when sessions were created, last used, and when they expire
- Current Session Indicator: Identifies the current session (the one used for this API call)
- Ordered Results: Sessions are ordered by creation date (newest first) for easy review
- Security Information: Provides all data needed to identify and manage sessions for security purposes
Response Fields
| Field | Type | Description |
|---|---|---|
sessions | array | Array of active session objects |
sessions[].id | integer | Unique session identifier. Use this ID to revoke the session if needed. |
sessions[].user_id | integer | ID of the user who owns this session |
sessions[].ip_address | string | IP address from which the session was created |
sessions[].user_agent | string | Browser or client user agent string from when the session was created |
sessions[].created_at | string (ISO 8601) | Timestamp when the session was created (typically during login) |
sessions[].last_activity_at | string (ISO 8601) | Timestamp of the last API request using this session |
sessions[].expires_at | string (ISO 8601) | Timestamp when the session will expire based on token expiration settings |
sessions[].revoked_at | string (ISO 8601) or null | Timestamp when the session was revoked, or null if still active |
sessions[].is_current | boolean | Whether this is the current session (the one used for this API call) |
total_count | integer | Total number of active sessions |
active_count | integer | Number of currently active (non-revoked) sessions |
Example
curl -X GET https://api.rivergen.com/api/v1/sessions \
-H "Authorization: Bearer <access_token>"
Related Endpoints
- Revoke Session - Revoke a specific session for security purposes
- Login - Create a new session (prerequisite)
- Logout - End the current session
- Logout All - Revoke all sessions at once
See Also
- Sessions API Overview - Complete guide to session management
- Authentication Concepts - Understanding authentication and token management
- Trusted Devices API - Managing trusted devices that can bypass MFA
- Error Handling - Understanding API error responses