Currently, there’s no way for me to see which sessions are valid/active for my account on Wikimedia projects – if I want to be sure that I can’t be compromised by an old session, I have to change my password. It would be useful if MediaWiki instead offered a way to list those sessions, and ideally allowed me to selectively terminate them as well.
GitHub and Twitter have such a feature, for example:
In MediaWiki, this is currently offered by Extension:SecureSessions (CC @Parent5446), but that extension isn’t deployed on Wikimedia wikis and also doesn’t always work, for example due to T73066; in T73066#2386198, @Anomie outlined an alternative way to track sessions. I think it might be worth adding this as a core feature.