Devices page — manage where you're signed in
/account/devices shows every device currently signed into your account. Kick a device, see when each last logged in, enforce seat caps. Linked from Settings → Devices section.
What you see
A list of cards, one per device, with:
- Device name — best-guess from User-Agent (e.g., "Chrome on Windows", "InterviewChamp Desktop on macOS")
- Last active — relative time ("2 minutes ago", "yesterday")
- Location — best-guess city from IP (e.g., "Seattle, US"). Approximate, often shows ISP city not yours.
- Status pill — "This device" (green) if it's the one you're using right now, "Active" (gray) otherwise
- Sign out button — kicks that device
At the top, a Sign out everywhere button to invalidate every refresh token at once.
Seat caps per plan
Each plan caps how many concurrent devices can be signed in:
| Plan | Device cap |
|---|---|
| Free | 1 |
| Hour Pack | 1 |
| Pro Monthly | 2 |
| Pro Yearly | 3 |
| Pro+ Monthly | 5 |
| Pro+ Yearly | ∞ |
| Lifetime | ∞ |
If you try to sign in on a NEW device while at the cap, the oldest device gets bumped automatically. You'll see "Another device was signed out to make room" on the kicked device the next time it opens the app.
What counts as a device
- Each browser on each computer = 1 device (Chrome on laptop ≠ Firefox on same laptop)
- The Desktop app = 1 device per OS install
- Incognito/private mode = a new device every session (since refresh tokens don't persist)
Mobile browsers count too — visiting interviewchamp.ai on your phone is a separate device from your laptop.
Kicking a device
Click Sign out on any device row. That device's refresh token is invalidated immediately; the next time it tries to call our API it gets a 401 and is bounced to /auth.
You can't get back in to that device without signing in again. So kicking the device you're currently using = logging yourself out.
Sign out everywhere
The "Sign out everywhere" button at the top invalidates all refresh tokens including the device you're using. You'll be logged out of every browser + desktop + mobile. Useful if you lost a laptop or suspect account compromise.
After Sign out everywhere, sign back in via /auth.
How long does a device stay signed in
- Access token = 15 minutes (60 minutes in DEV_MODE)
- Refresh token = 7 days (1 hour in DEV_MODE)
So a device that hasn't been used in 7 days auto-expires. Inactive devices fall off the list silently.
Common questions
Q: I see a device I don't recognize. What do I do? A: Click Sign out on that device row immediately. Then go to Settings → Password & Security and change your password. If you signed up with Google, sign out of Google on your phone too just in case.
Q: Why does the location say Seattle but I'm in NYC? A: IP geolocation reads your ISP's nearest data center, not your physical address. AWS routes through Virginia → "Ashburn, US" is common. Mostly useful for spotting NEW countries you don't expect, not pin-pointing.
Q: I'm at my device cap and can't add my new laptop. A: That's automatic — signing in on the new laptop bumps the oldest device. If you wanted to keep the old device, manually sign it out FIRST then sign in the new one.
Q: The desktop app shows up twice — same device, two rows. A: You signed in on the desktop app, then signed in again before the first refresh token expired. The two rows are different sessions; sign out the older one. (We're working on consolidating same-device duplicates.)
Q: Does "Sign out everywhere" cancel my subscription? A: No — it only invalidates auth tokens. Your plan, billing, and data are untouched. You'll just need to sign in again.
Q: Why does Incognito show as a new device every time? A: Refresh tokens are stored in browser localStorage. Incognito clears localStorage on close, so each Incognito session is "new" to us. Use regular browsing mode if you want a persistent device.
Q: I kicked myself by mistake. How do I get back in?
A: Go to /auth and sign in again. Your account isn't locked — just the refresh token was invalidated.
Q: Can I see WHAT each device did (audit log)? A: Not yet — we show last active timestamp but not action history. Audit log is on the roadmap; for now, suspicious activity = kick + change password.
Where it lives in code
Devices page: apps/web/app/account/devices/page.tsx. List component: apps/web/components/account/devices-panel.tsx. Seat-cap enforcement: apps/api/domains/auth/device_sessions.py. Token TTLs: apps/api/domains/auth/tokens.py.
Still stuck?
Help & Feedback → Contact us with category "Account & Login" + description of the suspicious device (location, when you saw it). We can look up the IP and device fingerprint server-side.
Video walkthrough
Coming soon.
Still stuck?
Sign in and message the founder directly from the Help & Feedback tab. Every reply comes from a real person, usually within a few hours.
Contact us