Skip to content

[Feature]: Sessions & devices management in Account settings #465

Description

@bjrump

Problem Statement

better-auth stores and manages sessions (session table + session hooks are configured in packages/auth), but the Account Section (apps/frontend/components/settings/sections/AccountSection.tsx) only allows changing email and password. A user cannot see active sessions or revoke a compromised one.

Proposed Solution

Add a "Sessions & Devices" area (General Category, visible to every user):

  • List active sessions with device/user-agent info and last activity.
  • "Revoke this session" per row and "Sign out of all other sessions".
  • Use better-auth's session listing/revocation APIs (authClient.listSessions / revokeSession / revokeOtherSessions); no custom schema needed.

Acceptance Criteria

  • The user can view their active sessions with at least device/user-agent and last-activity.
  • Revoking a session invalidates it; the current session is clearly marked and not accidentally revoked by "others".
  • "Sign out everywhere else" works.
  • de + en strings.

Scope / Notes

Frontend + backend (auth). Mostly wiring better-auth's existing session management into the Account UI.

Metadata

Metadata

Assignees

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions