Does ZITADEL support session rollback or forced session invalidation?
Hi ZITADEL team 👋
I have a question regarding session management:
Does ZITADEL support any kind of session rollback or forced session invalidation?
For example, if a user performs a critical action (like device trust removal or password change), can we programmatically invalidate all active sessions and tokens — or "rollback" the current session? I’d appreciate any guidance or best practices you recommend for handling this kind of scenario. Thanks in advance!
1 Reply
Hello @science20012003, thanks for reaching out. Yes, you can invalidate a user's session. Please take a look at this article: https://help.zitadel.com/how-to-force-a-users-logout
How to force a user's logout
This article explains the steps you can follow to force a user logout/terminate their session using the Login V2