- When calling `getSession`, check if the user has a session in the database. If not, reject the access.
- Enable a refreshToken endpoint that will generate a new accessToken if the user has a session with that refresh token in the database.
- On logout, destroy the session item in the database.
- Create a button to log out users from the admin dashboard.
- Create a list of "user sessions" on the security tab in user settings.
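
A sketch of the session checks listed above, added here as an example and not the project's own code. It assumes an in-memory `Map` in place of the sessions table and an HMAC-signed access token; the token format and every function name other than `getSession` are hypothetical.

```javascript
// Added example: an in-memory Map stands in for the sessions table (assumption).
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);          // signing key, generated per process
const sessions = new Map();                     // sessionId -> { userId, refreshHash }
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const sign = (body) => crypto.createHmac('sha256', SECRET).update(body).digest('base64url');

// Hypothetical token format: base64url(JSON payload) + "." + HMAC.
function issueAccessToken(sessionId, userId, ttlMs = 5 * 60 * 1000) {
  const body = Buffer.from(JSON.stringify({ sid: sessionId, sub: userId, exp: Date.now() + ttlMs })).toString('base64url');
  return `${body}.${sign(body)}`;
}

function login(userId) {
  const sessionId = crypto.randomUUID();
  const refreshToken = crypto.randomBytes(32).toString('base64url');
  sessions.set(sessionId, { userId, refreshHash: sha256(refreshToken) }); // store only the hash
  return { sessionId, refreshToken, accessToken: issueAccessToken(sessionId, userId) };
}

// A valid signature and expiry are not enough: the session row must still exist.
function getSession(accessToken) {
  const [body, mac] = String(accessToken).split('.');
  if (!body || !mac) return null;
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (claims.exp < Date.now()) return null;
  const row = sessions.get(claims.sid);
  return row && row.userId === claims.sub ? { sessionId: claims.sid, userId: row.userId } : null;
}

// Refresh endpoint logic: a new access token only if a session holds this refresh token.
function refresh(refreshToken) {
  const hash = sha256(String(refreshToken));
  for (const [sid, row] of sessions) if (row.refreshHash === hash) return issueAccessToken(sid, row.userId);
  return null;
}

// Logout and the admin "log out user" button both delete session rows.
const logout = (sessionId) => sessions.delete(sessionId);
function revokeAllForUser(userId) {
  let n = 0;
  for (const [sid, row] of sessions) if (row.userId === userId && sessions.delete(sid)) n++;
  return n;
}
const listSessions = (userId) => [...sessions].filter(([, r]) => r.userId === userId).map(([sid]) => sid);
```

Because `getSession` looks the session up on every call, an access token that has not yet expired stops working as soon as its row is deleted.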