# Sessions

Authentication session management endpoints. Allows users to view active sessions across devices, revoke individual sessions or all other sessions, and permanently delete session records. Sessions are tracked in both the database and Redis for real-time state synchronization. All endpoints require authentication. The current session cannot be revoked or deleted.

## Delete all sessions except current

 - [DELETE /api/v1/sessions/all](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1all/delete.md): Permanently deletes all session records for the account except the current one. Unlike revoke-all, this removes session records from the database entirely. All other session tokens are removed from Redis. Requires authentication.

## List all sessions

 - [GET /api/v1/sessions/list](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1list/get.md): Returns all sessions for the authenticated account, sorted by most recently used. Session state is synchronized with Redis to reflect real-time activity. Sessions not found in Redis are marked as EXPIRED. Requires authentication.

## Revoke all sessions except current

 - [PUT /api/v1/sessions/revoke/all](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1revoke~1all/put.md): Expires all sessions for the account except the current one. Useful for securing the account after a suspected compromise. All other session tokens are removed from Redis. Requires authentication.

## Revoke a session

 - [PUT /api/v1/sessions/revoke/{sessionKey}](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1revoke~1%7Bsessionkey%7D/put.md): Expires a specific session by its session key, making it inactive but retaining the record. The session token is removed from Redis. Cannot revoke the current session - use logout instead. Requires authentication.

## Delete a session

 - [DELETE /api/v1/sessions/{sessionKey}](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1%7Bsessionkey%7D/delete.md): Permanently deletes a specific session record by its session key. Unlike revoke, this removes the session from the database entirely. The session token is also removed from Redis. Cannot delete the current session. Requires authentication.

