ValidEmailChecker

What does the active sessions list show and where does the location come from?

Last updated May 20, 2026Account & security

Scroll down inside Account Settings, Security tab, and you land on Active Sessions. It is the canonical inventory of every device that has touched your Valid Email Checker account. One row per session, sorted with the current device first, then any other live sessions, then a history of terminated ones underneath. The Hide Inactive Sessions toggle collapses the history when you only want to see what is live right now.

The columns in the table

  • Device — the device label our session code derives from the browser user-agent (e.g. "MacBook Pro", "Windows PC", "iPhone"). A "This Device" pill highlights the row you are signing in from right now.
  • Browser & OS — browser name and version plus the operating system. Useful for spotting an unexpected combination, like a Linux browser when you only ever use macOS.
  • Location — city and country derived from the session IP. A globe icon appears instead when geolocation could not place the IP.
  • IP Address — the public IP that started the session. Stored in monospace font so it is easy to copy and compare across rows.
  • Status — Current Session, Active, Terminated, or Expired. Terminated rows show the reason underneath the device name (new_login, manual_termination, manual_termination_all, timeout).
  • Last Active and Created At — when the session last made a request and when it was first established.

Where the city and country come from

Every time the manage-sessions function creates or updates a session, it hands the IP to ipinfo.io and stores the city and country that come back. There is no GPS lookup, no browser geolocation prompt, and no attempt to ping your device — the entire location field is reverse-derived from the public IP that hit our servers. That is why a single laptop on a single Wi-Fi can suddenly show a different city if you switch carriers, fire up a VPN, or your ISP rotates your IP block.

How to use the list

Open it once a week if you are paranoid, once a month otherwise. Most people will see one current row and a stack of harmless terminated rows from previous logins on the same laptop or phone. Anything you do not recognize — an unknown device, an unfamiliar country, a session created at 3am from a city you have never visited — is worth investigating. The next step is reporting the login and tightening the account with 2FA.

Single-active-session model
VEC keeps exactly one session live per account. Signing in on a new device automatically terminates the previous one with reason new_login, which is why the history grows even when nothing suspicious is happening — every legitimate login on a new browser leaves a terminated row behind.

Related questions

How accurate is the city and country shown in the session list?
How do I see what devices are signed into my account?
Why is a login marked as "suspicious" on my Valid Email Checker account?
How do I report a suspicious login on my Valid Email Checker account?
Back to all FAQs

Still stuck? Email support