List Sessions

Get all active sessions for the current user.
const res = await client.account.listSessions.$get()
const { sessions } = await res.json()
Type: Private Procedure
Response:
  • sessions (array)
Use Cases:
  • View active sessions across devices
  • Identify suspicious login activity
  • Manage session security

Revoke Session

Revoke/logout a specific session.
const res = await client.account.revokeSession.$post({ 
  sessionId: "session-123" 
})
const { success, revokedCurrentSession } = await res.json()
Type: Private Procedure
Parameters:
  • sessionId (string, required): ID of the session to revoke
Response:
  • success (boolean): Whether revocation was successful
  • revokedCurrentSession (boolean): Whether the revoked session was the current one
Behavior:
  • User can only revoke their own sessions
  • Revoking current session logs user out
  • Session is permanently deleted from database
  • Returns 404 if session not found or doesn’t belong to user
Revoking your current session will immediately log you out.

List Device Accounts

List all accounts connected on this device.
const res = await client.account.listDeviceAccounts.$get()
const { accounts } = await res.json()
Type: Private Procedure
Response:
  • accounts (array)
Device Session Management: This endpoint uses better-auth’s device session feature to:
  • Track multiple accounts on the same device
  • Enable quick account switching
  • Maintain separate sessions per account
  • Deduplicate by user ID
The current account is always included in the results, even if not in device sessions.

Bootstrap Device Session

Initialize device session tracking for current user.
const res = await client.account.bootstrapDeviceSession.$post()
const { success } = await res.json()
Type: Private Procedure
Response:
  • success (boolean): Whether bootstrap was successful
Purpose:
  • Registers current session as a device session
  • Required before account switching functionality works
  • Sets cookies for device session management
  • Called automatically on first login

Switch Device Account

Switch to a different account on this device.
const res = await client.account.switchDeviceAccount.$post({ 
  userId: "user-456" 
})
const { success, switchedToUserId } = await res.json()
Type: Private Procedure
Parameters:
  • userId (string, required): User ID to switch to
Response:
  • success (boolean): Whether switch was successful
  • switchedToUserId (string): ID of the account switched to
Validation:
  • Target user must have an active device session
  • Cannot switch to already-active account (returns success immediately)
  • Sets new session cookies
  • Returns 404 if target account not found in device sessions
Account Switching Flow:
  1. List accounts: Call listDeviceAccounts to see available accounts
  2. Switch: Call switchDeviceAccount with target userId
  3. Refresh: App automatically refreshes with new account context

Delete Account

Permanently delete the current user’s account.
const res = await client.account.delete.$post({ confirmDeletion: true })
const { success } = await res.json()
Type: Private Procedure
Parameters:
  • confirmDeletion (boolean, required): Must be true to confirm deletion
Response:
  • success (boolean): Whether deletion was successful
Deletion Process: The following data is permanently deleted:
  1. Sessions: All user sessions are deleted (logs out everywhere)
  2. Boards: All boards created by user are deleted
  3. Workspaces: All owned workspaces are deleted (cascades to posts, comments, etc.)
  4. User record: User account is permanently deleted (cascades to remaining relations)
This action is irreversible. All user data, owned workspaces, and created content will be permanently deleted.
Cascade Deletions: Deleting a workspace cascades to:
  • All boards in the workspace
  • All posts on those boards
  • All comments on those posts
  • All votes and reactions
  • All workspace members
  • All workspace invitations
  • Custom domains
  • Branding configuration
  • Changelogs
  • Integrations
If you’re a member (but not owner) of other workspaces, your membership is retained after account deletion. Those workspaces are not affected.

Session Security

Best Practices:
  • Review active sessions regularly
  • Revoke unknown or suspicious sessions immediately
  • Use userAgent and ipAddress to identify sessions
  • Set reasonable session expiration times
Session Lifecycle:
  • Sessions are created on login
  • Session tokens stored in HTTP-only cookies
  • Sessions expire based on better-auth configuration
  • Manual revocation immediately invalidates session
Multi-Device Support:
  • Each device/browser has separate session
  • Session list shows all active sessions
  • Current session clearly marked
  • Can revoke sessions from any device
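
One way to apply the best practices above: triage the listSessions result by userAgent and ipAddress, then revoke what is flagged with revokeSession. This is an added example, not code from this project; the session field names (id, userAgent, ipAddress, isCurrent), the `known` allow-list, and the sample sessions are assumptions.

```javascript
// Constructed sample of a listSessions result; field names are assumed.
const sampleSessions = [
  { id: "s-1", userAgent: "Mozilla/5.0 (Macintosh) Firefox/128.0", ipAddress: "203.0.113.10", isCurrent: true },
  { id: "s-2", userAgent: "Mozilla/5.0 (iPhone) Safari/604.1", ipAddress: "203.0.113.10", isCurrent: false },
  { id: "s-3", userAgent: "curl/8.5.0", ipAddress: "198.51.100.77", isCurrent: false },
  { id: "s-4", userAgent: "", ipAddress: null, isCurrent: false },
];

// Devices and networks the user recognises (constructed, hypothetical shape).
const known = { userAgentHints: ["Firefox", "iPhone"], ipPrefixes: ["203.0.113."] };

// Return the sessions that need review, with the reason for each flag.
function triageSessions(sessions, known) {
  const flagged = [];
  for (const s of sessions) {
    const reasons = [];
    const ua = s.userAgent || "";
    const ip = s.ipAddress || "";
    if (!ua) reasons.push("missing userAgent");
    else if (!known.userAgentHints.some((h) => ua.includes(h))) reasons.push("unrecognised userAgent");
    if (!ip) reasons.push("missing ipAddress");
    else if (!known.ipPrefixes.some((p) => ip.startsWith(p))) reasons.push("unrecognised ipAddress");
    if (reasons.length > 0) flagged.push({ id: s.id, isCurrent: Boolean(s.isCurrent), reasons });
  }
  return flagged;
}

// Revoke flagged sessions. The current session is skipped so the caller is
// not logged out mid-run; a 404 means the session was already gone.
async function revokeFlagged(client, flagged) {
  const result = { revoked: [], alreadyGone: [], skippedCurrent: [] };
  for (const f of flagged) {
    if (f.isCurrent) { result.skippedCurrent.push(f.id); continue; }
    const res = await client.account.revokeSession.$post({ sessionId: f.id });
    if (res.status === 404) { result.alreadyGone.push(f.id); continue; }
    const { success } = await res.json();
    if (success) result.revoked.push(f.id);
  }
  return result;
}
```

The userAgent value is supplied by the client, so a match is weak evidence on its own; treat the output as a review queue and weigh ipAddress alongside it.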
