Manage sessions and devices
Every sign-in creates a session tied to that device and browser. You can see all of yours, end any of them, and rely on organization policies to clean up idle ones automatically.
Review your active sessions
- Open Settings and go to the Security tab.
- The Active Sessions list shows each device currently signed in, with its browser, IP address, and when it was last seen.
- Select revoke on any session you do not recognize. That device is signed out on its next request.
Your current session is marked in the list and cannot be revoked from there; to end it along with everything else, use Logout All Devices.
Logout All Devices
The Session Management section’s Logout All Devices button ends every session at once, including the one you are using. Use it when you have signed in on a shared or lost device, or any time you want a clean slate.
Password changes and your sessions
Changing your password (also in Settings → Security) signs out every other device but keeps your current session alive, so you are not dumped to the login screen mid-change. This is the recommended response to a suspicious session: revoke it, then change your password.
Idle timeout, set by your organization
Owners and Admins can set a session policy in Organization Settings → Security & Compliance: an idle timeout (15, 30, 60, or 120 minutes, or off) and an optional cap on simultaneous sessions per user. Sessions idle past the timeout are signed out automatically. If you belong to several organizations, the strictest timeout among them applies to your account.
I see a session from a location I do not recognize. What should I do? Revoke it immediately, then change your password (which signs out all other devices), and check that two-factor authentication is on. See Enforce two-factor authentication.
Does revoking sessions affect my API tokens? No. Personal access tokens are independent of browser sessions and have their own revocation. Manage them under Settings → Developer; see Create API tokens.
What does the per-user session cap do? When an organization sets a maximum number of sessions, signing in on a new device beyond the cap quietly ends your oldest session.
Why does the same login appear twice? Each browser profile and each device counts separately. Two entries from the same machine usually means two browsers, or a normal and a private window.