SessionManagementPage
Component Detail
Description
Administrative UI for organization and global admins to view and control active user sessions. Displays session list with device type, last activity, and IP address, and provides controls to terminate individual or all sessions for a user. Also surfaces Global Admin support access grants with revocation controls.
session-management-page
Sources & reasoning
Line 207 explicitly names admin-initiated session revocation as an auth module capability, and line 259 requires organizations to be able to revoke Global Admin support access immediately on demand. admin-security is always-on (line 241), fixing target release at MVP. Session Management is the admin surface that exposes the auth module's revocation capability; without it, the revocation requirement from line 259 cannot be fulfilled.
-
docs/source/likeperson.md · line 207Session revocation (sign-out, forced expiry, admin-initiated)
-
docs/source/likeperson.md · line 259Orgs can grant a Global Admin *time-bounded* support access via a flag in Organization Settings (e.g. "Allow Norse support access until {date}"); revoking the flag or hitting the expiry immediately removes access.
Responsibilities
- Render paginated list of active sessions per user with device, IP, and last-activity metadata
- Provide terminate-session and terminate-all-sessions actions with confirmation dialogs
- Display time-bounded Global Admin support access grants and allow immediate revocation
- Show real-time feedback after session termination actions
Interfaces
loadUserSessions(userId: string): Promise<SessionListResponse>
terminateSession(sessionId: string): Promise<void>
terminateAllSessions(userId: string): Promise<void>
revokeSupportAccess(grantId: string): Promise<void>