Active Sessions

A session begins when you sign in and ends when you sign out or when the server expires your token for security. Review this list regularly. If you see an unfamiliar location or device, sign out other sessions and change your password.

Recent sessions (most recent first)

Session ID Started Last activity Device Location Current
sess_01 2026-04-18T19:44:12-04:00 2026-04-19T10:02:00-04:00 Chrome 124 on Windows 11 Toronto, ON This device
sess_02 2026-04-17T08:12:03-04:00 2026-04-17T18:40:00-04:00 Safari on iPhone 16 Mississauga, ON
sess_03 2026-04-10T12:01:00-04:00 2026-04-10T12:45:00-04:00 Firefox 125 on macOS Ottawa, ON

Location accuracy

Locations are derived from IP geolocation and may show a nearby city rather than your exact municipality. Mobile carriers and VPNs can shift apparent location. Use device names and time patterns as additional signals when judging whether a session is legitimate.

Session tables pair well with authentication event logs in enterprise systems. Here, correlate visually with recent password changes or MFA prompts you remember performing.

2FA settings Digital services hub

Active sessions — geography, revocation, and tokens

IP geolocation is approximate; border towns and VPNs produce misleading city labels—copy should say “approximate location.”

Revoking a session should invalidate refresh tokens and cookies server-side; client-only deletes are theatre.

Concurrent session limits reduce credential-stuffing impact; premium users may expect more seats—product policy question.

Corporate shared devices and kiosks need “private browsing” education; link Privacy.

This site is an unofficial interface and is not affiliated with the Government of Canada.

Secure channel · Build 4.19.2 · production-sim