DELETE /v1/auth/sessions/:id
Revoke a single session.
::: tip Auth Required: cookie or Bearer. :::
Request
DELETE /v1/auth/sessions/:id
| Path param | Type | Notes |
|---|---|---|
id | UUID | The session row id from GET /v1/auth/sessions. |
Response
204 No Content
Idempotent — revoking an already-revoked session is a no-op.
Error responses
| Status | Code | When |
|---|---|---|
| 401 | authentication_required | No valid auth credential. |
| 404 | not_found | No such session, OR the session belongs to a different user. |
Notes
- The session-cache entry is invalidated so the middleware sees the revocation on the next request.
- Revoking the current session signs the caller out, but the cookies on
the response are NOT cleared (this endpoint isn't
/logout). To both revoke and clear cookies, hitPOST /v1/auth/logout.