OpenAI added ChatGPT active sessions to ChatGPT on June 2, 2026. The feature gives users a dedicated security view to review signed-in sessions, inspect device and location details, and log out sessions they do not recognize. For QA engineers and SDETs, that is a practical update because AI tools are now part of day-to-day testing workflows, often across laptops, VMs, shared browsers, and multiple environments.

This is not a flashy model launch. It is a security and operations improvement. That matters because test teams increasingly use ChatGPT, Codex, and API workflows alongside production-like data, bug evidence, and internal documentation. Better session visibility lowers the chance that an old or unknown session stays active longer than it should.

What OpenAI announced on June 2, 2026

In the official ChatGPT release notes, OpenAI said users can now open Settings > Security > Active sessions to review first-party OpenAI sessions and sign out of individual sessions or all sessions. The release notes also state that the view can show details such as device, app, approximate location, sign-in time, trusted-device status, and whether the session is the current one.

  • It covers first-party OpenAI sessions, including ChatGPT, Codex, and API Platform sessions where available.
  • It supports logging out a single session or all sessions.
  • It does not manage third-party app sessions or Codex CLI sessions.

OpenAI published a companion help article explaining that session details may be approximate or incomplete, and that some rows can represent browser activity across multiple first-party OpenAI products. That nuance is useful for testers because it sets the right expectation during validation and audit checks.

Why this matters for QA engineers

Many QA teams now use AI tools during defect triage, exploratory testing, test data design, log summarization, and automation maintenance. That creates a new operational question: who still has access to which AI workspace sessions?

  • Shared-device cleanup: Test labs and shared machines often keep browser sessions alive longer than intended.
  • Contractor and temporary access review: Teams can spot whether old sessions remain after role or project changes.
  • Security regression checks: QA can validate session logout flows as part of broader account-security test coverage.
  • Incident response: If a tester suspects account misuse, logging out all sessions is now a clearer first response.

In short, this update is relevant because AI testing workflows are not only about prompts and model quality. They are also about account hygiene, traceability, and access control.

What to verify in your own QA workflow

If your team uses ChatGPT or Codex during testing, this release is a good reason to add a small security checklist to your operating routine.

  • Review whether team members are using personal accounts, managed workspace accounts, or shared test accounts.
  • Check whether old browser sessions remain active on VMs, cloud workstations, or loaner laptops.
  • Document which OpenAI surfaces are covered by the session view and which are not, especially Codex CLI and third-party integrations.
  • Decide when to use individual logout versus a full logout of all sessions after device loss or team transitions.

That last point matters. OpenAI says a full logout can take up to 30 minutes to propagate, so teams should factor that delay into incident playbooks and validation steps.

A practical test scenario for security-minded teams

Here is a simple validation scenario QA leads can run internally:

  1. Sign in to ChatGPT on two separate devices or browser profiles.
  2. Open Settings > Security > Active sessions on one device.
  3. Confirm both sessions appear with recognizable device or browser context.
  4. Log out the secondary session.
  5. Verify the removed session is eventually invalidated and cannot continue normal access.
  6. Repeat with Log out of all sessions and measure the practical delay before all devices are signed out.

This is a straightforward but useful check for teams that treat AI tooling as part of their secure engineering environment rather than an isolated productivity add-on.

Limits testers should note

  • The feature is not available for accounts linked to organizational SSO sign-in such as SAML or OIDC.
  • OpenAI says session details can be approximate or incomplete.
  • Codex CLI sessions are not shown in this view.
  • Third-party app sessions and connected apps are outside this control surface.

Those limits mean QA teams should avoid over-claiming what this feature covers. It improves visibility, but it is not a universal audit console for every OpenAI-related access path.

Bottom line

ChatGPT active sessions is a small but useful June 2026 security update from OpenAI. It gives QA engineers a more concrete way to review signed-in devices, clean up stale access, and test logout behavior around AI tooling already used in delivery pipelines. For teams adopting ChatGPT and Codex more broadly, this is the kind of operational feature worth tracking.

Sources