Single point to revoke all Session in Phoenix

To login in our custom crm, We do SSO from google, for specific email domain,. Its achieved via a workos.

I want to implement a feature where I can logout a user based on the email. Say, I go to admin setting, for the user and click on logout, so he/she get logout from CRM.

How can I get session for that person. and clear his session. like this
the_conn_based_on his email id |> clear_session() |> configure_session( drop: true)

Is it possible to do in phoenix or I have to look into workos?

Unless you’re using a server side session store there’s no way to drop a session from the server side. The default session store is cookie based. You have no control over the cookie (on the client).

Depending on the system used for authentication you could however still for the user to be logged out on their next request. E.g. mix phx.gen.auth stores valid user token in the db, which you can remove to invalidate a users logged in status. This would indirectly cause the session to be dropped as well.

1 Like

I am not soo much aware of dealing with session in phoenix.
But we get a profile code in the callback and we fetch details from provider,and put in session. then just do Conn|> configure_session(renew: true)

So I have to impl Plug.Session.Store behaviour , where operation are on db and just mention the module name in session options?
@session_options [
# Authentication lasts only 3hours
store: :session_store_module,


Also take care to log the user out of any liveviews and channels when you revoke the session : Security considerations — Phoenix LiveView v0.19.5

1 Like