Protonmail: How to Revoke Old Sessions – Technipages

When you authenticate to a website, a session is created. Sessions are managed on devices through session tokens or cookies, which are just an identifier that your device provides to the website to let it know which device is making the request. When the website sees the identifier, it knows that it refers to a specific session and keeps you logged in.

Tip: This is why it is important to keep session tokens private. If an attacker can gain access to a session token, they can provide it to the server, and the server can’t tell that the attacker is not legitimate unless other verification methods are used in tandem.

Session tokens are often created with an expiry time so that your session isn’t valid forever. This helps to reduce the risk of any individual session token being compromised by an attacker while it is still valid and reduces the server requirement to track all valid session tokens.

Generally, session tokens are also expired when you click the “log out” button. However, some websites don’t do this correctly, so it can be possible to use an old session token even after the user has logged out.

ProtonMail automatically expires session tokens after either two weeks of inactivity or six months, although changing your password explicitly resets the six-month timer. To help you manually manage your risk of valid sessions being compromised, ProtonMail allows you to see a list of all currently valid sessions and to end them.

To access your session list, click on “Settings” in the top bar, then switch to the “Security” tab. You can find the “Session Management” section on the right of the window. Here you can see a list of all currently valid sessions, which platform they’re for, which user account they’re for, and when they were created. You can either delete individual sessions by clicking the relevant “Revoke” link or you can revoke them all by clicking “Revoke All Other Sessions”. Either option will require you to re-enter your password to confirm the legitimacy of the request.

Revoke individual sessions or all other sessions in the “Security” tab of the settings.
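
As an added example (not ProtonMail's code and not part of the original article), the following Python model of a server-side session table applies the rules described above: an inactivity limit, an absolute lifetime that a password change restarts, logout that deletes the token on the server, and "revoke all other sessions". The class and method names are hypothetical, and six months is approximated as 182 days.

```python
import secrets
from datetime import datetime, timedelta

IDLE_LIMIT = timedelta(weeks=2)       # inactivity limit stated in the article
ABSOLUTE_LIMIT = timedelta(days=182)  # "six months", approximated (assumption)

class SessionStore:
    """In-memory model of a session table (hypothetical names, illustration only)."""

    def __init__(self):
        self._sessions = {}  # token -> {"user", "timer_start", "last_seen"}

    def create(self, user, now):
        token = secrets.token_urlsafe(32)  # unguessable identifier from the OS CSPRNG
        self._sessions[token] = {"user": user, "timer_start": now, "last_seen": now}
        return token

    def validate(self, token, now):
        """Return the user for a live token, else None. Expired tokens are deleted."""
        s = self._sessions.get(token)
        if s is None:
            return None
        if now - s["last_seen"] > IDLE_LIMIT or now - s["timer_start"] > ABSOLUTE_LIMIT:
            del self._sessions[token]
            return None
        s["last_seen"] = now  # activity restarts the idle timer only
        return s["user"]

    def revoke(self, token):
        """Logout or 'Revoke': delete server-side so the token cannot be replayed."""
        return self._sessions.pop(token, None) is not None

    def revoke_all_other(self, current_token):
        """'Revoke All Other Sessions': keep only the caller's own session."""
        current = self._sessions.get(current_token)
        if current is None:
            return 0  # an unknown or already revoked token revokes nothing
        doomed = [t for t, s in self._sessions.items()
                  if s["user"] == current["user"] and t != current_token]
        for t in doomed:
            del self._sessions[t]
        return len(doomed)

    def password_changed(self, user, now):
        """Restart the absolute timer for the user's sessions, as the article describes."""
        for s in self._sessions.values():
            if s["user"] == user:
                s["timer_start"] = now
```

Because `revoke` removes the record on the server, a copied token stops working immediately, which is the behaviour the article notes some websites get wrong on logout.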

This post was written by Mel Hawthorne and was first posted to Technipages
