Code Room
System designMediumsd-g470
Subject Session managementLevel Mid–Senior~40 minCommon in Concurrency interviewsIndustries Technology

Question

Design a 'manage your active sessions / sign out other devices' feature for a 120M-user product, the kind where a user sees a list ('iPhone, Lagos, 2h ago'; 'Chrome, Berlin, now') and can revoke any one, or 'sign out everywhere'. Sessions are backed by access tokens used across a fleet of stateless API servers. The challenge: each listed session must show accurate last-seen and device info, revoking one must take effect within seconds across all servers, and 'sign out everywhere except this one' must be atomic-ish. Discuss the session record model, how revocation reaches stateless servers fast, and how you keep the device list trustworthy.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.

Narrate your design
Loading whiteboard…
Run or narrate your approach, then ask the coach.