Overview
A session in Dynamic lasts until the JWT expires or is explicitly revoked. You can end sessions from the client (user-initiated logout), from your backend (server-side revocation), or from the Dynamic Dashboard (admin-initiated).Client-side logout
The simplest way to end a session is to call the logout method in your SDK. This clears all session data on the client, including the Dynamic user object and any connected wallets (non-verified wallets). Each SDK provides a logout function:- JavaScript:
logout()from@dynamic-labs-sdk/client— see User & Session Management - Swift: See Session Management
- Kotlin: See Session Management
- Flutter: See Session Management
Server-side revocation
You can revoke sessions from your backend using the Dynamic API. This is useful for administrative actions, security incidents, or when you need to force a user to re-authenticate.Revoke a specific session
Revoke a single session by its session ID. See the Revoke a session API reference.Revoke all sessions for a user
Revoke all active sessions for a specific user, forcing them to re-authenticate on all devices. See the Revoke sessions by user ID API reference.Revoke all sessions for an environment
Revoke all active sessions across your entire environment. Use this for security incidents or environment-wide credential rotation. See the Revoke all sessions for an environment API reference.Dashboard revocation
Admins can revoke user sessions from the Dynamic Dashboard. Navigate to the user’s detail page in the Users section to manage their sessions.Webhook events
Dynamic fires webhook events when sessions are revoked, allowing you to react in your backend:user.session.revoked— Fired when a user session is revoked. The payload is a Session object.admin.user.session.revoked— Fired when an admin revokes a user session. The payload is a Session object.