DELETE /v1/auth/sessions
Revoke every active session for the caller, including the current one.
::: tip Auth Required: cookie or Bearer. :::
Request
DELETE /v1/auth/sessions
No body.
Response
204 No Content
All active sessions for this user are marked revoked. Session-cache entries are invalidated.
Error responses
| Status | Code | When |
|---|---|---|
| 401 | authentication_required | No valid auth credential. |
Notes
- Use this for the "sign out everywhere" feature after a suspected compromise.
- Does NOT clear the cookies in the response — pair with a
POST /v1/auth/logoutcall client-side if you also want the cookies wiped, or have your UI redirect to login (the now-revoked access token will fail 401 immediately). - Does NOT delete
trusted_browsersentries. - An audit entry is recorded per session as the middleware sees subsequent 401s.