View User Session Information on the Session Management Page
Monitor and protect Salesforce by reviewing active sessions and session details on the Session Management page in Setup. You can create custom list views, view details about a user associated with a specific session, and easily end suspicious sessions. Salesforce admins can view all active user sessions, and non-admins see only their sessions.
Required Editions
| Available in: both Salesforce Classic and Lightning Experience |
| Available in: All Editions |
To access user session information, from Setup, in the Quick Find box, enter Session Management, and then select Session Management. The page shows all active sessions, including sessions that are associated with JWT-based access tokens.
When you manually end a user’s session by clicking the Remove button, the user must log in again to the organization.
For most Salesforce services, ending the session immediately revokes the associated access token. For some services, it can take up to 30 minutes before the associated token is revoked.
Salesforce issues a session cookie to record encrypted authentication information for the duration of a specific session. The session cookie doesn't include the user's username or password. Salesforce doesn't use cookies to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.
This table contains information about the fields that you can view on this page. Because of the nature of geolocation technology, the accuracy of geolocation fields, for example, country, city, or postal code, can vary.
| Field | Description |
|---|---|
| City | The city where the user’s IP address is physically located. This value isn’t localized. |
| Country | The country where the user’s IP address is physically located. This value isn’t localized. |
| Country Code | The ISO 3166 code for the country where the user’s IP address is physically located. This value isn’t localized. For more information, see Country Codes - ISO 3166. |
| Created | The date and timestamp of when the session began. |
| Latitude | The latitude where the user’s IP address is physically located. |
| Location | The approximate location of the IP address from where the user logged in. To show more geographic information, such as approximate city and postal code, create a custom view to include those fields. This value isn’t localized. |
| Longitude | The longitude where the user’s IP address is physically located. |
| Login Type | The type of login associated with the session. Some login types include Application, SAML, and Portal. |
| Parent Session ID | If a session has a parent, this ID is the parent’s unique ID. |
| Postal Code | The postal code where the user’s IP address is physically located. This value isn’t localized. |
| Session ID | The unique ID for the session. |
| Session Type | The type of session the user is logged in to. For example, common ones are UI, Content, API, and Visualforce. |
| Source IP | The IP address associated with the session. |
| Subdivision | The name of the subdivision where the user’s IP address is physically located. This value isn’t localized. |
| User Type | The profile type associated with the session. |
| Username | The username used when logged in to the session. To view the user’s profile page, click the username. |
| Updated | The date and timestamp of the last session update due to activity. For example, during a UI session, users make frequent changes to records and other data as they work. With each change, both the Updated and Valid Until date and timestamps are refreshed. |
| Valid Until | If you don’t end the session manually, the date and timestamp of when the session automatically expires. |
