> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Sessions & Devices

> View and manage active user sessions and trusted devices for the organization, with the ability to terminate sessions and revoke device trust.

Sessions and device management page at `/settings/sessions` where administrators view active sessions, terminate individual or all sessions, and manage trusted devices.

## Overview

The Sessions & Devices page uses `useSessionsList` and `useDevicesList` (both scoped to the current organization) to display two tabs. The **Sessions** tab lists active sessions with timestamps; users can terminate individual sessions via `useTerminateSession` or all sessions via `useTerminateAllSessions`. The **Devices** tab lists recognized devices; trusted devices can have trust revoked via `useUntrustDevice`. Both tabs use confirmation dialogs for destructive actions. The page checks `pf.sessions.terminate_org` (for bulk termination) and `pf.devices.revoke_trust` (for device revocation) via `useHasPermission`. The route is gated by `platform.sessions.view`.

## Who it's for

**Required permission:** `platform.sessions.view`; `pf.sessions.terminate_org` for bulk termination; `pf.devices.revoke_trust` for device trust revocation.

## Before you start

* You must hold `platform.sessions.view` to access the page.
* Additional permissions are required for bulk termination and device revocation.

## Steps

1. Navigate to `/settings/sessions`.
2. On the **Sessions** tab, review active sessions. Click **Terminate** on a row to end that session.
3. Use **Terminate All Sessions** (if you hold `pf.sessions.terminate_org`) to invalidate all active sessions.
4. On the **Devices** tab, review trusted devices and revoke trust on any unrecognized device (requires `pf.devices.revoke_trust`).

## Key concepts

**Active session** — A session with status `active`. The count is computed client-side from the sessions list.

**Trusted device** — A device the user has marked as recognized. Trusted devices may be exempt from additional MFA challenges. SME: confirm exact trust behavior.

**Terminate session** — Invalidates the session token, forcing re-authentication on the affected device.

## Related

<Columns cols={2}>
  <Card title="Platform Foundation" icon="layer-group" href="/pf/overview">
    Platform Foundation overview.
  </Card>

  <Card title="Governance & parity" icon="scale-balanced" href="/governance/index" />
</Columns>

<Note>
  This page documents shipped product behavior. It is not medical, legal, or
  billing advice. Verify against your organization's policies and applicable
  regulations before using it for clinical, compliance, or billing decisions.
  Protected health information (PHI) shown in the product is governed by your
  tenant's access controls and is never exposed in this documentation.
</Note>

<Accordion title="Documentation sources">
  * src/routes/platform.tsx
  * src/platform/sessions/pages/SessionManagementPage.tsx
  * src/platform/sessions/hooks/useSessionsList.ts
</Accordion>
