The Rackwave portal tracks every active login session — including the device type, browser, IP address, and location. Reviewing and managing active sessions allows you to detect unauthorised access and revoke sessions from devices you no longer use or do not recognise.
What Is a Session?
A session is created every time someone successfully logs in to your Rackwave account. It remains active until:
- The user manually logs out.
- The session reaches its idle timeout (typically 24 hours of inactivity).
- An admin or the account owner revokes it manually.
- The account password is changed (all sessions are invalidated on password change).
- 2FA is enabled or disabled (all sessions are invalidated).
How to View Active Sessions
- Log in to the Rackwave portal.
- Go to My Account → Security → Active Sessions.
- You will see a list of all currently active sessions on your account.
Session Information Displayed
| Field | What It Shows |
|---|---|
| Device | Device type and name (e.g. Windows PC, MacBook, iPhone 14) |
| Browser | Browser and version (e.g. Chrome 125, Safari 17) |
| IP Address | The IP address from which the login was made |
| Location | Approximate geographic location derived from IP (city and country) |
| Last Active | Timestamp of the most recent activity in this session |
| Login Date | Date and time this session was created (login time) |
| Current Session | The session you are using right now is marked with a Current badge |
How to Revoke a Specific Session
- Go to Active Sessions.
- Locate the session you want to terminate.
- Click Revoke or the terminate icon at the right end of the session row.
- The session is invalidated immediately — that device is logged out instantly on its next request.
How to Revoke All Sessions Except Current
If you suspect your account has been accessed without your knowledge, revoking all other sessions is the fastest way to cut off unauthorised access:
- Go to Active Sessions.
- Click Revoke All Other Sessions at the top of the page.
- Confirm the action.
- All sessions except your current one are terminated immediately.
- After revoking sessions, change your password immediately to prevent the attacker from logging in again.
- Revoke all other sessions immediately.
- Change your password.
- Enable 2FA if not already active.
- Review your API keys and revoke any unrecognised ones.
- Contact Rackwave support to report the suspected breach.
Session Timeout Settings
| Timeout Type | Default Duration | Behaviour |
|---|---|---|
| Idle timeout | 24 hours of inactivity | Session expires automatically if no portal activity for 24 hours |
| Absolute session limit | 30 days | Even if active, all sessions are terminated after 30 days — re-login required |
| Password change | Immediate | All sessions across all devices are invalidated when password is changed |
| 2FA change | Immediate | All sessions are invalidated when 2FA is enabled or disabled |
Platform Sessions (MigoSMTP / Telnxo)
Platform sessions — created when you access MigoSMTP or Telnxo via SSO — are managed separately within each platform. Revoking a Rackwave portal session does not automatically terminate your MigoSMTP or Telnxo session if you are already logged into those platforms. To fully log out of a platform:
- Click your avatar in the top-right corner of the platform dashboard and select Log Out.
- Or close the browser tab — platform sessions expire based on each platform's own idle timeout (typically 2–4 hours).