Managing active sessions
SynkriaOps lets you see all devices currently signed in to your account and instantly revoke any suspicious access. This is an essential tool if you think your account has been compromised, or if you’ve lost a device you were signed in on.
Accessing the session list
Section titled “Accessing the session list”-
Click your avatar in the top right of the header.
-
Select “Account settings”.
-
Navigate to the “Security” tab.
-
The “Active sessions” section lists all current connections.
Information displayed per session
Section titled “Information displayed per session”For each active session, SynkriaOps shows:
| Information | Description |
|---|---|
| Device | Detected device type (Computer, Tablet, Smartphone) |
| Browser | Chrome, Firefox, Safari, Edge… |
| Approximate location | City and country inferred from IP address (~city precision) |
| First sign-in date | When the session was created |
| Last activity | Date and time of the last action performed |
| Current session | Marked “This session” for easy identification |
Revoking a suspicious session
Section titled “Revoking a suspicious session”If you see a session you don’t recognize (unknown device, foreign city, unusual time):
-
From the active sessions list, locate the suspicious session.
-
Click the “Revoke” button to the right of the row.
-
Confirm the revocation. The session is immediately invalidated — the user will be signed out on their next action.
-
If the suspicious session corresponds to a real intrusion, immediately change your password and report the incident to your ADMIN and to
support@synkriaops.com.
Signing out of all devices
Section titled “Signing out of all devices”If you’ve lost a device or suspect your account has been compromised, use the global sign-out.
-
From Account settings → Security → Active sessions.
-
Click “Sign out of all devices”.
-
Confirm the action. All your sessions — including your current session — are immediately invalidated.
-
You are redirected to the sign-in page. Sign in normally.
How sessions work technically
Section titled “How sessions work technically”Understanding how sessions work helps you manage your connections in an informed way.
JWT tokens and refresh cookie
Section titled “JWT tokens and refresh cookie”SynkriaOps uses a two-level architecture:
-
JWT access token: valid 15 minutes. It is sent with every API request. When it expires, it is automatically renewed without requiring you to sign in again.
-
Refresh cookie (httpOnly, Secure): valid 30 days if you checked “Remember me”, or until browser close otherwise. This cookie allows the JWT token to be silently renewed.
When the session expires
Section titled “When the session expires”The session expires in the following cases:
| Situation | Consequence |
|---|---|
| Refresh cookie expired (> 30 days) | Sign-out — sign-in required |
| Session revoked by user | Immediate sign-out |
| Session revoked by ADMIN (account deactivation) | Immediate sign-out on all sessions |
| Inactivity > 2 hours on an inactive tab | Sign-out of that tab only |
| Browser closed (without “Remember me”) | Sign-out on next access |
Renewing an expired session
Section titled “Renewing an expired session”When your session expires, SynkriaOps automatically displays a banner “Your session has expired”. Click “Sign back in” — you’ll be redirected to the sign-in page with your email pre-filled. Enter your password to resume your work.
Data entered in unsaved forms will be lost. SynkriaOps offers auto-save of drafts on accounting vouchers every 2 minutes — check if a draft was preserved after signing back in.
Security tips
Section titled “Security tips”- Check your active sessions regularly, especially if you sign in from multiple devices.
- Revoke sessions from devices you no longer use or that you’ve lost.
- Don’t leave a session open on a shared computer — sign out manually after each use.
- After a password change, all sessions remain active unless you choose to revoke them. If you’re changing your password due to a suspected intrusion, always use “Sign out of all devices” as well.