Problem Statement
better-auth stores and manages sessions (session table + session hooks are configured in packages/auth), but the Account Section (apps/frontend/components/settings/sections/AccountSection.tsx) only allows changing email and password. A user cannot see active sessions or revoke a compromised one.
Proposed Solution
Add a "Sessions & Devices" area (General Category, visible to every user):
- List active sessions with device/user-agent info and last activity.
- "Revoke this session" per row and "Sign out of all other sessions".
- Use better-auth's session listing/revocation APIs (
authClient.listSessions / revokeSession / revokeOtherSessions); no custom schema needed.
Acceptance Criteria
Scope / Notes
Frontend + backend (auth). Mostly wiring better-auth's existing session management into the Account UI.
Problem Statement
better-auth stores and manages sessions (session table + session hooks are configured in
packages/auth), but the Account Section (apps/frontend/components/settings/sections/AccountSection.tsx) only allows changing email and password. A user cannot see active sessions or revoke a compromised one.Proposed Solution
Add a "Sessions & Devices" area (General Category, visible to every user):
authClient.listSessions/revokeSession/revokeOtherSessions); no custom schema needed.Acceptance Criteria
Scope / Notes
Frontend + backend (auth). Mostly wiring better-auth's existing session management into the Account UI.