> ## Documentation Index
> Fetch the complete documentation index at: https://www.dynamic.xyz/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Revoking Sessions

> How to end user sessions in Dynamic — client-side logout, server-side revocation via API, and webhook events.

## Overview

A session in Dynamic lasts until the JWT expires or is explicitly revoked. You can end sessions from the client (user-initiated logout), from your backend (server-side revocation), or from the Dynamic Dashboard (admin-initiated).

## Client-side logout

The simplest way to end a session is to call the logout method in your SDK. This clears all session data on the client, including the Dynamic user object and any connected wallets (non-verified wallets).

Each SDK provides a logout function:

* **JavaScript**: `logout()` from `@dynamic-labs-sdk/client` — see [User & Session Management](/javascript/user-session-management)
* **Swift**: See [Session Management](/swift/session-management)
* **Kotlin**: See [Session Management](/kotlin/session-management)
* **Flutter**: See [Session Management](/flutter/session-management)

## Server-side revocation

You can revoke sessions from your backend using the Dynamic API. This is useful for administrative actions, security incidents, or when you need to force a user to re-authenticate.

### Revoke a specific session

Revoke a single session by its session ID.

See the [Revoke a session](/api-reference/sessions/revoke-a-session) API reference.

### Revoke all sessions for a user

Revoke all active sessions for a specific user, forcing them to re-authenticate on all devices.

See the [Revoke sessions by user ID](/api-reference/users/revoke-sessions-by-user-id) API reference.

### Revoke all sessions for an environment

Revoke all active sessions across your entire environment. Use this for security incidents or environment-wide credential rotation.

See the [Revoke all sessions for an environment](/api-reference/sessions/revoke-all-sessions-for-an-environment) API reference.

## Dashboard revocation

Admins can revoke user sessions from the Dynamic Dashboard. Navigate to the user's detail page in the [Users](https://app.dynamic.xyz/dashboard/users) section to manage their sessions.

## Webhook events

Dynamic fires webhook events when sessions are revoked, allowing you to react in your backend:

* **`user.session.revoked`** — Fired when a user session is revoked. The payload is a [Session](/api-reference/schemas/Session) object.
* **`admin.user.session.revoked`** — Fired when an admin revokes a user session. The payload is a [Session](/api-reference/schemas/Session) object.

For webhook setup and all available events, see [Webhook Events](/overview/developer-dashboard/webhooks/events).

## Automatic session expiry

If no explicit revocation occurs, sessions end automatically when the JWT expires. Configure the JWT lifetime in your [dashboard security settings](/overview/developer-dashboard/security). The maximum lifetime is 30 days. When the token expires, the SDK clears the session (user object and token) and the user must re-authenticate.