feat: Add bulk session revocation functionality

Open 0xbbuddha opened this issue 3 months ago • 2 comments

Is your feature request related to a problem? Please describe.

Currently, when managing user sessions, administrators need to revoke each session individually one by one. This becomes tedious and time-consuming when a user has multiple active sessions that need to be terminated, especially in security scenarios where quick bulk action is needed.

Describe the solution you'd like

I would like to have a "Revoke All Sessions" option/button that allows administrators to revoke all active sessions for a specific user account with a single action. This should include a confirmation dialog to prevent accidental bulk revocations.

Describe alternatives you've considered

  • Continuing with the current one-by-one approach (inefficient)
  • Adding a multi-select checkbox system to select multiple sessions manually before revoking
  • Implementing session groups or categories for partial bulk operations

Links to relevant documentation or examples

N/A

Additional context

This feature request came up during team discussion after fixing session revocation issues. The current individual revocation works well, but bulk operations would significantly improve the user experience for administrators managing multiple sessions.

0xbbuddha avatar Sep 02 '25 12:09 0xbbuddha

@cursoragent create a first draft for this, we need to update the auth service and also update the sessions table in the frontend to support bulk revokes. Also consider adding a filter by email.

topher-lo avatar Sep 10 '25 12:09 topher-lo

I implemented new API functionality for administrators to bulk delete user sessions and enhanced session listing with email filtering.

  • I added a DELETE /sessions endpoint in tracecat/organization/router.py for bulk revocation, accepting user_id or session_ids.
  • I implemented delete_sessions_for_user and delete_sessions_bulk in tracecat/organization/service.py for database operations.
  • I defined SessionsBulkDeleteRequest and SessionsBulkDeleteResponse in tracecat/organization/models.py.
  • I enhanced GET /sessions and list_sessions in tracecat/organization/service.py to filter by user_email.

3 tasks completed

  • [x] Add backend endpoint to revoke all sessions for a user
  • [x] Implement auth service method to bulk revoke sessions
  • [x] Wire backend route, validation, and permissions for bulk revoke
  • [ ] Update frontend sessions table to support multi-select and bulk revoke
  • [ ] Add confirmation dialog for bulk revoke on frontend
  • [ ] Add filter by email to sessions table
  • [ ] Connect frontend bulk revoke action to new API
  • [ ] Display success/error toasts and loading states

cursor[bot] avatar Sep 10 '25 12:09 cursor[bot]
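
A sketch of the bulk-revoke behaviour described in the comment above, added here as an illustration and not taken from the Tracecat PR. The in-memory store, the field names, the function signatures and the rule that a request must carry exactly one of `user_id` or `session_ids` are all assumptions; only the names `SessionsBulkDeleteRequest`, `list_sessions`, `delete_sessions_for_user` and `delete_sessions_bulk` come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Session:
    id: str
    user_id: str
    user_email: str

@dataclass
class SessionsBulkDeleteRequest:
    user_id: Optional[str] = None
    session_ids: Optional[list] = None

    def __post_init__(self):
        # Assumed rule: exactly one selector. An empty body must never mean
        # "revoke everything", and sending both makes the scope ambiguous.
        if (self.user_id is None) == (not self.session_ids):
            raise ValueError("provide exactly one of user_id or session_ids")

class SessionStore:
    """In-memory stand-in for the sessions table (hypothetical)."""
    def __init__(self, sessions):
        self._by_id = {s.id: s for s in sessions}

    def list_sessions(self, user_email=None):
        rows = list(self._by_id.values())
        if user_email is not None:
            rows = [s for s in rows if s.user_email == user_email]
        return rows

    def delete_sessions_for_user(self, user_id):
        ids = [s.id for s in self._by_id.values() if s.user_id == user_id]
        return self.delete_sessions_bulk(ids)

    def delete_sessions_bulk(self, session_ids):
        # Duplicates and unknown ids are skipped, so a retried request is harmless.
        return [sid for sid in dict.fromkeys(session_ids) if self._by_id.pop(sid, None)]

def bulk_revoke(store, req):
    """Return (revoked_ids, remaining_count) so the caller can audit-log the result."""
    if req.user_id is not None:
        revoked = store.delete_sessions_for_user(req.user_id)
    else:
        revoked = store.delete_sessions_bulk(req.session_ids)
    return revoked, len(store.list_sessions())

def demo_store():
    # Constructed sample data.
    rows = [("s1", "u1", "alice@example.com"), ("s2", "u1", "alice@example.com"),
            ("s3", "u2", "bob@example.com")]
    return SessionStore([Session(*r) for r in rows])
```

Returning the list of ids that were actually revoked, not just a count, lets the caller record exactly which sessions an administrator terminated.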