Simon Carter
Security & Governance

ChatGPT Now Shows All Your Active Sessions — Here's What You Can Do With Them

ChatGPT's new Active Sessions feature lets you see every signed-in session on your account and log out of any you don't recognise.

security governance category

OpenAI has added a proper session management feature to ChatGPT. It’s called Active Sessions, it lives in Settings > Security, and it does exactly what the name suggests: shows you every first-party session currently signed in to your account, with enough detail to act on anything that looks unfamiliar.

For a platform with a billion monthly active users, this is a feature that probably should have existed sooner. But it’s here now, and it’s genuinely useful.

What Active Sessions Shows You

Head to Settings → Security → Active sessions in ChatGPT and you’ll see a list of signed-in sessions associated with your account. For each one, you get:

  • The device and app (ChatGPT, Codex, or API Platform where available)
  • Approximate location
  • Sign-in date and time
  • Whether the device is marked as trusted
  • Whether it’s your current session

Your current session is labelled clearly as CURRENT SESSION. You can’t log it out from that row directly — to end it, you either sign out of ChatGPT the normal way, or use the “Log out of all sessions” option.

Speaking of which: that button does what it says. It ends all active sessions across every device, including the one you’re currently on. Worth knowing before you tap it. OpenAI notes it can take up to 30 minutes to fully propagate, so if you log something out and the row is still showing, give it a few minutes and refresh.

What It Doesn’t Cover

A few things Active Sessions does not manage, which is worth being clear about:

  • Third-party app sessions
  • Connected apps
  • Sign in with ChatGPT sessions used only for third-party services
  • Codex CLI sessions
  • Recently signed-out sessions

So if you’ve given a third-party tool access to your ChatGPT account via OAuth, that’s managed separately through connected apps, not here. Active Sessions is specifically about first-party OpenAI sessions: your browsers, the ChatGPT app, Codex, and the API Platform.

OpenAI also flags that session details “may be approximate or incomplete,” and a single browser row can sometimes represent sessions across multiple first-party products. It’s a useful overview, not a forensic audit trail.

Who Can Use It

Active Sessions is available across all ChatGPT account types, including personal accounts and managed workspaces. The one exception: if your account is linked to an organisation’s SSO sign-in (SAML or OIDC), the feature won’t appear in your settings. That can apply even if your organisation doesn’t require SSO for every sign-in, or if you used a different sign-in method for your current session.

If you don’t see Active Sessions under Settings > Security, that’s likely why.

Why This Actually Matters

The practical value here is straightforward. If you’ve ever signed in to ChatGPT on a work laptop, a hotel computer, or someone else’s device and forgotten to sign out, you now have a way to fix that without resetting your password or taking a sledgehammer approach to your whole account.

For teams and admins, the governance angle is real too. As Ensar Seker, CISO at SOCRadar, put it: “Granular session control is a more efficient and less disruptive approach” compared to broad account resets. Rather than forcing a password reset that affects everyone or everything, you can terminate a specific session that looks off.

David Shipley of Beauceron Security was more direct about the context: “The reality of OpenAI offering the ability to end active sessions on ChatGPT is that it’s something that exists in lots of platforms. They should’ve had it sooner, but better late than never.”

That’s a fair summary. This isn’t a revolutionary feature. It’s standard session hygiene that most platforms have offered for years. What matters is that it’s now available on a platform that handles a significant amount of sensitive work for a lot of people.

Part of a Broader Security Push

Active Sessions is arriving alongside another OpenAI security feature worth knowing about: Advanced Account Security. That one strengthens your sign-in methods by enabling passkeys or compatible security keys and disabling weaker paths like password sign-in, email/SMS codes, and email-based account recovery.

Together, these give users more meaningful control over account access than was previously available. Active Sessions handles what’s already in; Advanced Account Security tightens what can get in.

What to Do Right Now

If you’re a regular ChatGPT user, it’s worth taking two minutes to check your active sessions. Go to Settings → Security → Active sessions and have a look at what’s listed. If anything looks unfamiliar, such as a location you don’t recognise or a sign-in time that doesn’t match your usage, you can log out of that session individually or clear everything with “Log out of all sessions.”

If you manage ChatGPT access for a team, this is now a useful tool for handling offboarding or responding to a suspected compromise without disrupting everyone else’s sessions at the same time.

It’s a small but meaningful step toward treating ChatGPT accounts with the same security discipline most organisations already apply to their other SaaS tools.