The combination of a session-token and a session database entry provides a convenient method for revoking sessions.

Revoking a session involves deleting the corresponding session entry from the Corbado database. You can accomplish this easily through the developer panel by accessing the session list.

Technically speaking, the session will persist until the session-token expires. Thus the revocation/logout will be delayed to a maximum of the session-token lifetime.

Was this page helpful?

Session fixation protectionOAuth2 comparison