> ## Documentation Index
> Fetch the complete documentation index at: https://docs.novacula.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Sessions and security

> View and revoke active sessions, switch organizations, and recover access from the UI

A **session** is the sign-in for one browser, IDE, or device. Each session is scoped to one **active organization** at a time; everything you see in the UI is read in that organization's scope. Sign in on a second device and you get a second session — independent of the first.

API keys are not sessions. Automation should use an API key, not your personal session — see [API keys](/docs/executors/api-keys).

## View your active sessions

Open the account menu (your avatar, top right), choose **Profile**, then open the **Security** tab. The **Active sessions** card lists every device currently signed in to your account. Each row shows:

* The device or browser (user agent), or **Unknown device** if it wasn't reported.
* The IP address it signed in from, or **No IP** if it wasn't reported.
* When the session was created.
* A **Current session** marker on the one you're using right now.

The list refreshes on its own while the card is open.

## Revoke a session

Use **Revoke** on any row that isn't your current session to sign that device out immediately — do this for a shared computer, a lost laptop, or an entry you don't recognize.

To sign out every other device at once, use **Sign out everywhere else** at the top of the card. Your current session stays active.

You can't revoke your current session from this card. To end it, use **Sign out** from the account menu.

## Change your password

On the same **Security** tab, the **Change password** card asks for your current password and a new one (at least 8 characters). Saving a new password automatically signs out all your other sessions, so anyone using a stale copy of your account is dropped.

## Switch active organization

If you belong to more than one organization, open the account menu and pick a different one under **Organization** (the current one has a checkmark). The page reloads its data in the new organization's scope; your session stays the same, only its scope changes. Open tabs show the new organization's data on their next refresh.

## Sign out

Choose **Sign out** from the account menu. This ends your current session on this device only. Your other devices stay signed in until they're revoked or expire on their own.

## If you forgot your password

When your deployment has email configured, the sign-in page shows a **Forgot password?** link. Choose it, enter your email, and follow the **Send reset link** flow. The link takes you to a page where you set a new password.

If the link isn't shown, email recovery isn't available for your deployment — contact your Novacula platform administrator, who can set a password for you directly.

If you're already signed in and just want to rotate your password, use **Change password** on the **Security** tab of your **Profile** instead — no email needed, and it signs out your other sessions in the process.

## Security checklist

* Revoke any session you don't recognize, then change your password.
* Never paste a session cookie or token into a chat, ticket, or screenshot.
* Use [API keys](/docs/executors/api-keys) for scripts and integrations, not your personal session.
