Managing Sessions

Learn how to view your active sessions on Opengates, understand session details, revoke suspicious sessions, sign out of all devices, and keep your account secure through regular session management.

Managing Sessions

Every time you log into your Opengates account on a device, a session is created. A session keeps you logged in so you don't have to enter your password every time you visit the site or open the app. While sessions are convenient, they also mean that your account could be accessible from multiple devices at the same time — including devices you may have forgotten about or no longer control.

Opengates gives you full visibility into your active sessions and the ability to revoke any session at any time. This guide explains everything you need to know about session management: how to view your sessions, what the session details mean, how to revoke suspicious sessions, and why regular session management is an important security habit.

Why Session Management Matters

Protecting Against Unauthorized Access

If someone gains access to one of your devices — whether it's a lost phone, a stolen laptop, or a computer you used at a library or coworking space — they could potentially access your Opengates account through an existing session. By regularly reviewing your sessions, you can spot unauthorized access and shut it down immediately.

Maintaining Control of Your Account

As a freelancer on Opengates, your account is your business. It holds your project history, client communications, earnings, and professional reputation. Knowing exactly where your account is logged in gives you control over who can access your work and your money.

Responding to Security Incidents

If you receive a security alert about a suspicious login or if you notice unfamiliar activity on your account, the sessions page is the first place to check. You can quickly identify the suspicious session and revoke it before any damage is done.

Viewing Your Active Sessions

On the Web

  1. Log in to your Opengates account at opengates.app.
  2. Click your profile photo in the top-right corner.
  3. Select Settings from the dropdown menu.
  4. Navigate to SecurityActive Sessions or Sessions.
  5. You'll see a list of all devices and browsers currently logged into your account.

On Mobile (iOS & Android)

  1. Open the Opengates app.
  2. Tap the profile iconSettings.
  3. Tap SecurityActive Sessions.
  4. You'll see a list of all active sessions.

Understanding Session Details

Each session in the list includes several pieces of information to help you identify the device and determine whether the session is legitimate.

Device Information

  • Device type: Whether the session is on a desktop, laptop, tablet, or mobile phone.
  • Operating system: The OS of the device (e.g., Windows 11, macOS Sonoma, iOS 17, Android 14).
  • Browser or app: The browser being used (e.g., Chrome 121, Safari 17, Firefox 122) or "Opengates App" for mobile sessions.

Location Information

  • Approximate location: The city and country where the session was initiated, based on the device's IP address.
  • IP address: The numerical address of the network the device is connected to.

Important note about location accuracy: Location is determined by IP address geolocation, which is an approximation. It may show your ISP's location rather than your exact physical location. If you're using a VPN, the location will reflect the VPN server's location, not yours. Minor location discrepancies are normal and don't necessarily indicate suspicious activity.

Activity Information

  • Login date: When the session was created (when you logged in on that device).
  • Last active: The most recent time the session was used to access Opengates. This helps you identify sessions that may have been idle for a long time.
  • Session status: Whether the session is currently active or idle.

Current Session Indicator

Your current session (the one you're using right now) is marked with a "Current Session" or "This Device" label. This session cannot be revoked from this page — you would need to log out normally or from a different device.

Identifying Suspicious Sessions

Regular session reviews help you spot potential security threats. Here are signs that a session might be unauthorized:

Red Flags to Watch For

  • Unfamiliar device: A device type, operating system, or browser you don't recognize or don't own.
  • Unexpected location: A city or country you haven't been to or don't have a VPN server in.
  • Multiple sessions from different locations: If you see sessions in two distant cities at the same time and you weren't traveling, one of them could be an unauthorized login.
  • Sessions on devices you no longer own: If you sold, gave away, or lost a device and see it listed, someone else may be using it to access your account.
  • Sessions at unusual times: A login at 3:00 AM when you know you were asleep could be suspicious.
  • Browser or app you don't use: If you exclusively use Chrome and see a session from Firefox, that could be a sign of unauthorized access.

What to Do If You See a Suspicious Session

  1. Don't panic, but act quickly.
  2. Revoke the suspicious session immediately (see below).
  3. Change your password right away. See the Password Reset guide.
  4. Enable 2FA if you haven't already. See the Two-Factor Authentication guide.
  5. Review your account activity for any unauthorized changes to your profile, payment settings, or projects.
  6. Contact support if you believe your account has been compromised. Our team can help investigate and secure your account.

Revoking Individual Sessions

If you want to log out of a specific device — whether it's a suspicious session or a device you no longer use — you can revoke it individually.

How to Revoke a Session

  1. Go to SettingsSecurityActive Sessions.
  2. Find the session you want to revoke in the list.
  3. Click or tap the "Revoke", "End Session", or "Log Out" button next to that session.
  4. You may be asked to confirm the action.
  5. The session is immediately terminated. The device will no longer have access to your account and will need to log in again.

What Happens After Revoking a Session

  • The device is immediately logged out of your Opengates account.
  • Any unsaved work on that device (like a draft message or incomplete form) may be lost.
  • The person using that device will be redirected to the login page.
  • If 2FA is enabled, they'll need both the password and a 2FA code to log back in.
  • Revoking a session does not change your password. If you suspect unauthorized access, change your password as well.

Signing Out of All Devices

If you want to log out of every device at once — a common step when you suspect your account has been compromised — you can sign out of all sessions simultaneously.

How to Sign Out of All Devices

  1. Go to SettingsSecurityActive Sessions.
  2. Scroll to the bottom of the sessions list.
  3. Click or tap "Sign Out of All Devices" or "Revoke All Sessions".
  4. You'll be asked to confirm this action. You may need to enter your password.
  5. All sessions — on every device — will be terminated immediately.
  6. You will remain logged in on your current device (the one you're using to perform this action).
  7. On every other device, anyone using your account will be logged out and sent to the login page.

When to Use "Sign Out of All Devices"

  • When you've changed your password and want to make sure the new password is required everywhere.
  • When you suspect your account has been accessed by someone else.
  • When you've lost a device that was logged into your account.
  • As a periodic security measure — for example, every few months.
  • When you're about to travel and want to ensure no old sessions remain active.

Session Expiration

Not all sessions last forever. Opengates has built-in session expiration policies to help protect your account:

Automatic Expiration

  • Web sessions: Sessions on web browsers expire after 30 days of inactivity. If you haven't accessed Opengates from a particular browser in 30 days, you'll need to log in again.
  • Mobile app sessions: Sessions in the Opengates mobile app may last longer, but will expire if you haven't used the app in 90 days.
  • Password changes: Changing your password does not automatically revoke existing sessions, but you can manually sign out of all devices after changing your password.
  • Password resets: Resetting your password via the email link will automatically sign you out of all sessions for security.

"Remember Me" and Trusted Devices

When logging in, you may see a "Remember Me" or "Keep Me Logged In" option. Enabling this extends your session duration so you don't have to log in as frequently. However:

  • Only use "Remember Me" on personal, secure devices.
  • Never use it on shared, public, or borrowed computers.
  • Even with "Remember Me" enabled, you should still review your sessions periodically.

Best Practices for Session Management

Make It a Regular Habit

Review your active sessions at least once a month. It only takes a minute and can help you catch potential issues before they become serious problems.

Clean Up Old Sessions

If you see sessions on devices you haven't used in a while, revoke them. There's no benefit to keeping old sessions active, and each one is a potential security risk.

After Traveling or Using Shared Devices

Whenever you access Opengates from a device that isn't your own — a hotel business center, a friend's computer, a coworking space — make sure to log out when you're done. Follow up by checking your sessions from your personal device and revoking any that shouldn't be active.

Combine with Other Security Features

Session management works best when combined with other security features:

  • Strong password: Makes it harder for unauthorized sessions to be created in the first place.
  • Two-factor authentication: Even if someone has your password, they can't create a session without your 2FA code.
  • Passkeys: Passkeys are tied to specific devices, making unauthorized sessions even less likely.
  • Security notifications: Enable notifications for new logins so you're immediately alerted when a new session is created.

Monitor After Security Changes

Whenever you change your password, enable or disable 2FA, or add/remove a passkey, review your active sessions to make sure everything looks as expected.

Frequently Asked Questions

Will revoking a session delete my data on that device?

No. Revoking a session only logs the device out of your Opengates account. It does not delete any data on the device itself (such as downloaded files or cached information).

Can I see my full login history?

The Active Sessions page shows your currently active sessions. For a complete login history, including past sessions that have expired or been revoked, check your account's Security Log or Activity History if available in your settings.

Why does the location shown not match where I am?

Location is determined by your IP address, which may not perfectly reflect your physical location. Factors that can cause discrepancies include: VPN usage, mobile carrier routing, ISP server locations, and proxy services. If the location is in a completely different country and you're not using a VPN, that's more likely to be a genuine concern.

Can someone log back in after I revoke their session?

Revoking a session logs them out, but if they know your password (and don't need 2FA), they could log in again. That's why it's important to change your password and enable 2FA whenever you revoke a suspicious session.

Still need help? Contact our support team and we'll be happy to assist you.

Managing Sessions - Opengates Help Center