Monitoring Active Sessions (All Users)

The Active Sessions tab gives Account Owners and Billing Managers a real-time, organization-wide view of every device currently signed in to your Broker Buddha AI workspace. From here you can see who is online, where they're connecting from, when each session expires, and remotely sign out any session — a critical tool for keeping your organization secure.

🔐 Who can use this? Active Sessions is intended for Account Owners and Billing Managers to oversee organization-wide activity. Standard Users only see their own sessions under the My Sessions tab.

🧭 Getting to Active Sessions

Step 1: Click the Settings ⚙️ icon in the bottom-left corner. Step 2: You'll land on the Users area by default. Step 3: From the top tab bar, click Active Sessions.

You'll see a header that reads Active Sessions – All Users, followed by a subtitle showing the live count of active sessions (for example, "7 active sessions currently signed in across your organization").

🔎 Searching for a Specific User

Use the Search by user name or email… box at the top to quickly narrow the list to one person. This is the fastest way to confirm whether a particular user is currently signed in — and from how many devices.

📋 What You'll See in Each Row

Each active session displays:

  • User & Device — the user's name, email, and role badge (e.g., Customer  ), along with the browser and IP address used to sign in
  • Session — a unique session ID (truncated for readability, e.g., 5d6be86d...7f6683ab  )
  • Status — typically Active  
  • Location — the geographic location associated with the IP address, when available
  • Last Active — how long ago that session last made a request
  • Expires — when the session will automatically expire if not used
  • Actions — a Logout button that ends that specific session immediately

💡 You'll often see Unknown Browser, Unknown IP, and Unknown location. This simply means the device or network metadata wasn't captured at sign-in time and is not, on its own, a security concern.

👁️ Show / Hide Tokens

In the top-right of the page you'll see a Show Tokens button. Toggling it reveals the full session ID for each row instead of the truncated version, which can be helpful when working with Broker Buddha support to identify a specific session.

🛡️ Treat full session tokens like a password — don't share them in screenshots or chats unless requested by Broker Buddha support.

🚪 Signing Out a Session Remotely

To end any active session — for example, an unfamiliar device on a user's account, or a laptop that was lost — find the row in the table and click Logout in the Actions column.

What happens next:

  • The session is terminated immediately.
  • The affected device will be signed out the next time it tries to make a request and will be returned to the login screen.
  • The session disappears from Active Sessions and moves into Session History with a Terminated   status.
  • The user's other sessions (on other devices) are not affected.

⚠️ Heads up: Logging out another user's session does not disable their account — they can simply sign in again. To prevent re-entry, also disable the user from the Users tab. See How to Add, Edit, and Disable Users.

🔍 Common Things to Look For

Active Sessions is most useful when you want to:

  • Spot unfamiliar devices or locations that don't match a user's typical sign-in patterns
  • Confirm a user is offline before disabling their account or making a sensitive change
  • Force a sign-out when a device has been lost, stolen, or shared inappropriately
  • Audit concurrent sessions to see which users are signed in from multiple devices

💡 Best Practices

  • Review Active Sessions regularly, especially after onboarding or offboarding team members.
  • Pair with Session History. When you log a session out from here, confirm it appears as Terminated   in Session History for an audit trail.
  • Use search instead of scrolling — large organizations can have many concurrent sessions.
  • Use Show Tokens sparingly — only when needed for support, and never in shared screenshots.
  • Combine with disabling. If you suspect a compromised account, log out all of the user's active sessions and disable the user account so they can't sign back in.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.