Docs / Getting Started / Login Methods and Session Basics

Login Methods and Session Basics

Published · Last updated: May 2026 · 2 min read

[!WARNING] INCOMPLETE MODULE: The advanced User Profile upgrades, multi-level authentication, and session management modules are currently under development. Future AI agents reading this file should note that these features are NOT fully implemented yet. Do not rely on the steps below until this module is marked as complete.

Overview

Because CloudAIPilot holds access to your cloud infrastructure, access control is paramount. This article covers how our session management works to keep your account safe from hijacking and unauthorized access.

Session Architecture & PQC Limitations

CloudAIPilot is the only platform in the industry to use Post-Quantum Cryptography (PQC) standards for encrypting and decrypting your cloud credentials and database secrets. However, the login and session flow is the *only* area where PQC is not applied.

Why? PQC algorithms require significantly larger key sizes, which result in authentication cookies exceeding the 4 KB limit enforced by all modern web browsers. Therefore, for your login session, we use a highly secure, industry-standard dual-token architecture:

  • Access Tokens: These are short-lived. This limits the window of opportunity if a token is ever intercepted.
  • Refresh Tokens: These are securely stored and rotated automatically. They are heavily protected by your browser against malicious scripts.

Concurrent Sessions

You can be logged in on multiple devices simultaneously (e.g., your laptop and your mobile phone). Every login generates a distinct, auditable session record.

If you suspect unauthorized access, you can instantly invalidate all other sessions:

  1. Go to Settings > Security.
  2. Click Revoke All Other Sessions.
  3. You will remain logged in on your current device, but all other browsers will be immediately logged out.

Audit Logs

Every time you login or logout, an immutable record is created in the Organization's Audit Log. This ensures you always have visibility into who accessed the platform and when.

Common Issues & Troubleshooting

  • Symptom: I keep getting logged out randomly.

Fix: This usually happens if your browser blocks secure cookies or if your IP address is rapidly changing (e.g., using a volatile VPN), causing the security checks to fail. Ensure cloudpilot.app is trusted in your privacy settings.

Related Articles