SKILL-077 Authentication and account lifecycle Locked skill

Session management

A session is a server-revocable fact, not just a cookie — store a hashed token you can list, expire, and kill on demand.

01

What this skill helps you build

Track every logged-in device, let users revoke any session, and log out everywhere — without weakening day-to-day login.

The production takeaway

A session is a server-revocable fact, not just a cookie — store a hashed token you can list, expire, and kill on demand.
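An added sketch of that takeaway, not code from the skill itself: sessions stored by token hash so they can be listed, expired, revoked one at a time, or revoked everywhere. The class name, field names, and the in-memory dict standing in for a database table are assumptions made for illustration.

```python
import hashlib
import secrets
import time

class SessionStore:
    """Illustrative in-memory stand-in for a sessions table keyed by token hash."""

    def __init__(self, ttl_seconds=30 * 24 * 3600):
        self.ttl = ttl_seconds
        self.rows = {}  # token_hash -> session record

    @staticmethod
    def _hash(raw_token):
        # The token is 256 random bits, so a plain SHA-256 is enough (no salt or slow KDF).
        return hashlib.sha256(raw_token.encode()).hexdigest()

    def create(self, user_id, device, now=None):
        now = time.time() if now is None else now
        raw = secrets.token_urlsafe(32)  # raw value goes to the client only
        self.rows[self._hash(raw)] = {
            "id": secrets.token_hex(8),  # public handle shown in the device list
            "user_id": user_id, "device": device,
            "created_at": now, "expires_at": now + self.ttl, "revoked": False,
        }
        return raw

    def validate(self, raw_token, now=None):
        now = time.time() if now is None else now
        row = self.rows.get(self._hash(raw_token))
        if row is None or row["revoked"] or now >= row["expires_at"]:
            return None
        return row["user_id"]

    def list_sessions(self, user_id, now=None):
        now = time.time() if now is None else now
        return [(r["id"], r["device"]) for r in self.rows.values()
                if r["user_id"] == user_id and not r["revoked"] and now < r["expires_at"]]

    def revoke(self, user_id, session_id):
        # Scoped to the owner so one user cannot revoke another user's session.
        for r in self.rows.values():
            if r["user_id"] == user_id and r["id"] == session_id:
                r["revoked"] = True
                return True
        return False

    def revoke_all(self, user_id):
        for r in self.rows.values():
            if r["user_id"] == user_id:
                r["revoked"] = True
```

Because only the hash is stored, a leaked copy of the table does not yield usable cookies, and the separate `id` lets the device list refer to a session without exposing anything that authenticates.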

02

Inside this skill

The full skill expands these implementation areas with decisions, edge cases, prompts, tests, and framework-specific code.

Authentication and account lifecycle
What this helps you build

The session layer that sits behind every "logged in" state: a per-device record you can list, revoke, and expire. This is what powers the "Where you're logged in" screen in your

Authentication and account lifecycle
When to use this

You need real session management the moment a session is worth stealing — which is to say, almost always. Concretely, reach for this when you have: A remember me option that keeps

Authentication and account lifecycle
The core idea

A session is a server-side fact you can revoke, not just a signed cookie the client carries. On login you mint a long random token, store only its hash, and hand the raw token to
