What's Changed
🔒 Session Revocation Now Enforced on Active Connections
Previously, revoking a login session (via Profile → Active Sessions) only prevented future API calls — but any active SSH, RDP, or VNC connection kept working until the user manually disconnected. This release closes that gap:
- Revoking a session now immediately terminates any open SSH, RDP, or VNC connections belonging to that session.
- The revoked user is instantly redirected to the login page — no waiting, no manual disconnect needed.
- WebSocket connections opened after a session is revoked are refused at the server level.
🐛 Fix: Revoked Sessions Could Still Open New Connections
A revoked session token could still successfully open new SSH/RDP/VNC proxy connections. This is now blocked — the server checks revocation status at WebSocket connect time before allowing any session to proceed.
Container image
```bash
docker run -d -p 7443:7443 ghcr.io/kotoxie/alterm:0.4.9
```