> Learn how to manage user sessions with the Auth0 Management API.

# Manage User Sessions with Auth0 Management API

Auth0 uses [sessions](/docs/manage-users/sessions) to maintain the authentication state of a user across requests.

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  The Auth0 Management API session management endpoints are available to customers on Enterprise plans. To learn more, read [Pricing](https://auth0.com/pricing).
</Callout>

## Management API endpoints

The [Management API](https://auth0.com/docs/api/management/v2) provides out-of-band access to the internals of user sessions in the [Auth0 Session Layer](/docs/manage-users/sessions/session-layers), and deletion methods to force session termination.

### Session resource

You can view or delete a specific session with the following endpoints:

| Name                                | URL                                   | Required scope(s) |
| ----------------------------------- | ------------------------------------- | ----------------- |
| Introspect a specific session by ID | `GET /api/v2/sessions/{sessionId}`    | `read:sessions`   |
| Delete a specific session by ID     | `DELETE /api/v2/sessions/{sessionId}` | `delete:sessions` |

### User resource

You can list or delete all sessions for a given user with the following endpoints:

| Name                            | URL                                      | Required scope(s) |
| ------------------------------- | ---------------------------------------- | ----------------- |
| List session details of a user  | `GET /api/v2/users/{userId}/sessions`    | `read:sessions`   |
| Delete all user sessions        | `DELETE /api/v2/users/{userId}/sessions` | `delete:sessions` |

## Session properties

The session endpoints return relevant information about the session and its history.

| Field                      | Description                                                                                                                                                                                                                                |
| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Session ID                 | The session ID is a persistent identifier of the session in the Auth0 tenant.<br /><br />Note that the session ID corresponds to the `sid` claim already in ID Tokens and Logout Tokens and can be used to cross-reference these entities. |
| Relevant Time              | Session creation, authentication time, and expiry information.                                                                                                                                                                             |
| Device Information         | The device property traces details related to the user agent (for example, browser) used in the interactions with this Auth0 session.                                                                                                      |
| Authentication Information | Contains summary information about the methods used to authenticate in this session.                                                                                                                                                       |

For detailed information about these fields, refer to the [Management API documentation](https://auth0.com/docs/api/management/v2).

## OIDC Back-Channel Logout Initiators

Session deletion events are connected to [OIDC Back-Channel Logout](/docs/authenticate/login/logout/back-channel-logout) through the `session-deleted` initiator. To learn more, read [OIDC Back-Channel Logout Initiators](/docs/authenticate/login/logout/back-channel-logout/oidc-back-channel-logout-initiators).

## Sessions and refresh tokens

Sessions and <Tooltip tip="Refresh Token: Token used to obtain a renewed Access Token without forcing users to log in again." cta="View Glossary" href="/docs/glossary?term=refresh+tokens">refresh tokens</Tooltip> work together to reduce the friction of user authentication while optimizing security. To learn more, read [Best Practices for Application Session Management](https://auth0.com/blog/application-session-management-best-practices) on the Auth0 Blog.

Refresh tokens can remain active after a session has expired or been deleted, or after the user logs out. You can use the <Tooltip tip="Management API: A product to allow customers to perform administrative tasks." cta="View Glossary" href="/docs/glossary?term=Management+API">Management API</Tooltip> to [manage refresh tokens](/docs/secure/tokens/manage-refresh-tokens-with-auth0-management-api) independently or in collaboration with sessions.

## Limitations

Session deletion operations run asynchronously and are eventually consistent.
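
Because deletion is asynchronous, a caller that needs confirmation (for example, an incident-response runbook) has to list the user's sessions again after requesting deletion. The following is an added example, not Auth0's own code: it calls the two user-resource endpoints listed above and polls until no sessions are returned. The function names, the injectable `send` transport, and the response shape (`sessions` array of objects with an `id`) are assumptions; confirm the shape against the Management API reference. The token is assumed to be a Management API access token that already carries `delete:sessions` and `read:sessions`.

```python
import json
import time
import urllib.request
from urllib.parse import quote


def http_send(method, url, token):
    """Default transport: one Management API call -> (status, parsed JSON or None)."""
    req = urllib.request.Request(url, method=method,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
        return resp.status, (json.loads(body) if body else None)


def revoke_user_sessions(domain, token, user_id, send=http_send,
                         attempts=5, delay=1.0, sleep=time.sleep):
    """Delete all sessions of user_id, then poll until the list is empty.

    Returns the session IDs still visible after the last poll ([] = confirmed).
    """
    # User IDs such as "auth0|abc" contain "|" and must be percent-encoded.
    url = f"https://{domain}/api/v2/users/{quote(user_id, safe='')}/sessions"

    status, _ = send("DELETE", url, token)        # requires delete:sessions
    if not 200 <= status < 300:
        raise RuntimeError(f"session delete rejected: HTTP {status}")

    remaining = []
    for attempt in range(attempts):
        status, body = send("GET", url, token)    # requires read:sessions
        if status != 200:
            raise RuntimeError(f"session list failed: HTTP {status}")
        # Assumed response shape: {"sessions": [{"id": "..."}, ...]}.
        # The first page is enough to tell whether any session remains.
        remaining = [s["id"] for s in (body or {}).get("sessions", [])]
        if not remaining:
            break
        if attempt < attempts - 1:
            sleep(delay)                          # deletion not yet visible
    return remaining
```

An empty return value confirms only that the sessions are gone. As noted under Sessions and refresh tokens, refresh tokens can remain active and need to be revoked separately.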

## Learn more

* [Log Users Out of Auth0 with OIDC Endpoint](/docs/authenticate/login/logout/log-users-out-of-auth0)
* [OIDC Back-Channel Logout](/docs/authenticate/login/logout/back-channel-logout)
* [OIDC Back-Channel Logout Initiators](/docs/authenticate/login/logout/back-channel-logout/oidc-back-channel-logout-initiators)
* [Configure OIDC Back-Channel Logout](/docs/authenticate/login/logout/back-channel-logout/configure-back-channel-logout)
