Overview
The security page shows a sessions table with device and location details, last-seen activity, and a Current session badge for the device you are using now. You can search the table, revoke one session, or revoke all other sessions while keeping the current one active. Revoked sessions stop working across protected Fetch Hive surfaces. Dashboard and JWT-backed API requests validate the session ID and session version before they continue. To keep normal requests fast, successful validations use a short positive cache. The default cache window is 5 minutes and can be changed withAUTH_SESSION_VALIDATION_CACHE_TTL_SECONDS, so revoked or suspended JWT-backed access can remain valid until the cached (sub, sid, sv) entry expires. Rotating the session version bypasses old cache entries.

