To invalidate a session in couchdb, there are two options:
- change the session signing certificate on the server
- change the password and/or salt for the user whose session should be invalidated
There are drawbacks to note with each. Option 1 will invalidate all sessions; option 2 will invalidate all sessions for that user, and also their password.
Because of the nature of couch's session management, there is no way to see a list of active/open sessions. Invalidating a specific session key could be achieved by blacklisting a cookie value in e.g. nginx or API, but this is unlikely to be of practical value.