Get Active Sessions
GET
/web/v1/system/security/sessions JWTRetrieves all active login sessions for the authenticated user. The current session is marked with isCurrent: true.
Required Headers
| Header | Example Value | Description |
|---|---|---|
| Content-Type | application/json | Request content type |
| Accept | application/json | Expected response type |
| X-Client-Hash | Client device fingerprint | |
| Accept-Language | en, zh, zh-Hant, ja, vi | Response language (default: en) |
| Authorization | Bearer | JWT access token |
Request Parameters
No request parameters required.
Request Example
No request body required.
Success Response
Success 200
{
"version": "1.3.0",
"timestamp": 1709337600000,
"success": true,
"code": "2000",
"message": "SUCCESS",
"data": [
{
"sessionId": "SESS...C_001",
"clientIp": "127.0.0.10",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
"loginTime": "2026-03-23T10:00:00Z",
"lastActivityTime": "2026-03-23T12:30:00Z",
"isCurrent": true
},
{
"sessionId": "SESS...R_001",
"clientIp": "127.0.0.11",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
"loginTime": "2026-03-23T09:00:00Z",
"lastActivityTime": "2026-03-23T11:45:00Z",
"isCurrent": false
}
]
}| Field | Type | Description |
|---|---|---|
sessionId | string | Session identifier (masked for security, e.g. "SESS...C_001") |
clientIp | string | Client IP address |
userAgent | string | User-Agent string |
loginTime | string (ISO 8601) | When the session was created |
lastActivityTime | string (ISO 8601) | Last activity timestamp |
isCurrent | boolean | true if this is the session making the request |
Error Responses
Unauthorized 401
{
"success": false,
"code": "4010",
"message": "Invalid or expired token"
}Notes
- Session IDs are masked (first 4 chars +
...+ last 4 chars) for security. The full session ID is never exposed. - The
isCurrentfield indicates whether each session is the one making this request. - Sessions are registered upon login and include IP and User-Agent metadata.