diff --git a/auth_session_logout_api/README.rst b/auth_session_logout_api/README.rst
new file mode 100644
index 0000000000..b84bb7e070
--- /dev/null
+++ b/auth_session_logout_api/README.rst
@@ -0,0 +1,177 @@
+=========================
+Force User Session Logout
+=========================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:placeholder
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/16.0/auth_session_logout_api
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_session_logout_api
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module provides a secure API endpoint to force logout user sessions remotely.
+
+**Features:**
+
+* Token-based authentication via HTTP headers (prevents token exposure in logs)
+* Supports both custom header and standard Bearer authentication
+* Lookup users by login or email (case insensitive)
+* Comprehensive audit logging for all API requests
+* Session invalidation via Odoo's session token mechanism
+
+When a force logout is triggered, the module updates a special field that is part of the session token computation.
+This invalidates all existing sessions for the target user, forcing them to re-authenticate.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+This module uses the standard **Administration / Settings** group (``base.group_system``)
+for access control. Only users with this group can:
+
+* View and generate the force logout API token
+* View all audit logs
+
+To generate the API token:
+
+#. Go to **Settings** → **General Settings**
+#. Find the **Force Session Logout** section
+#. Click **Generate Token** to create a new secure token
+#. Copy the token and store it securely for use in API calls
+
+**Security considerations:**
+
+* The token is transmitted via HTTP headers (not URL) to prevent exposure in logs
+* Store the token securely and rotate it periodically
+* Consider implementing rate limiting at the reverse proxy level
+* All API calls are logged for auditing purposes
+
+To view audit logs:
+
+#. Go to **Settings** → **Technical** → **Security** → **Force Logout Audit**
+
+Usage
+=====
+
+API Endpoint
+~~~~~~~~~~~~
+
+To force logout a user, make a POST request to::
+
+    POST /web/session/force_logout?user=LOGIN_OR_EMAIL
+
+**Authentication:**
+
+The API uses token-based authentication via HTTP headers. You can use either:
+
+* ``X-Force-Logout-Token: TOKEN`` - Custom header
+* ``Authorization: Bearer TOKEN`` - Standard Bearer authentication
+
+**Parameters:**
+
+* ``user`` (required): User login or email address to force logout (query parameter)
+
+**Example using cURL:**
+
+.. code-block:: bash
+
+    # Using X-Force-Logout-Token header
+    curl -X POST "https://your-odoo.com/web/session/force_logout?user=john.doe" \
+         -H "X-Force-Logout-Token: your-secure-token"
+
+    # Using Authorization Bearer header
+    curl -X POST "https://your-odoo.com/web/session/force_logout?user=john@example.com" \
+         -H "Authorization: Bearer your-secure-token"
+
+**Response Codes:**
+
+* ``200 OK`` - User successfully logged out
+
+  .. code-block:: json
+
+      {"success": true, "message": "User \"john.doe\" has been logged out successfully"}
+
+* ``401 Unauthorized`` - Invalid or missing token
+
+  .. code-block:: json
+
+      {"error": "Unauthorized", "message": "Invalid or missing authentication token"}
+
+* ``404 Not Found`` - User not found
+
+  .. code-block:: json
+
+      {"error": "User not found", "message": "User with login or email \"unknown\" not found"}
+
+* ``500 Internal Server Error`` - Server error
+
+Viewing Audit Logs
+~~~~~~~~~~~~~~~~~~
+
+#. Go to **Settings** → **Technical** → **Security** → **Force Logout Audit**
+#. View the list of all force logout operations
+#. Use filters to search by status, date, or target user
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_session_logout_api%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Kencove
+
+Contributors
+~~~~~~~~~~~~
+
+* Thien Vo <thienvh@trobz.com>
+* Chau Le <chaulb@trobz.com>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/auth_session_logout_api>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/auth_session_logout_api/__init__.py b/auth_session_logout_api/__init__.py
new file mode 100644
index 0000000000..f7209b1710
--- /dev/null
+++ b/auth_session_logout_api/__init__.py
@@ -0,0 +1,2 @@
+from . import models
+from . import controllers
diff --git a/auth_session_logout_api/__manifest__.py b/auth_session_logout_api/__manifest__.py
new file mode 100644
index 0000000000..63ad92abd4
--- /dev/null
+++ b/auth_session_logout_api/__manifest__.py
@@ -0,0 +1,21 @@
+# Copyright 2026 Kencove (https://www.kencove.com)
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+{
+    "name": "Force User Session Logout",
+    "summary": "Force logout user sessions via secure API endpoint",
+    "version": "16.0.1.0.0",
+    "category": "Tools",
+    "website": "https://github.com/OCA/server-auth",
+    "author": "Kencove, Odoo Community Association (OCA)",
+    "license": "AGPL-3",
+    "installable": True,
+    "depends": [
+        "base_setup",
+    ],
+    "data": [
+        "security/security.xml",
+        "security/ir.model.access.csv",
+        "views/auth_session_logout_audit_views.xml",
+        "views/res_config_settings_views.xml",
+    ],
+}
diff --git a/auth_session_logout_api/controllers/__init__.py b/auth_session_logout_api/controllers/__init__.py
new file mode 100644
index 0000000000..12a7e529b6
--- /dev/null
+++ b/auth_session_logout_api/controllers/__init__.py
@@ -0,0 +1 @@
+from . import main
diff --git a/auth_session_logout_api/controllers/main.py b/auth_session_logout_api/controllers/main.py
new file mode 100644
index 0000000000..b27c689cbe
--- /dev/null
+++ b/auth_session_logout_api/controllers/main.py
@@ -0,0 +1,188 @@
+# Copyright 2026 Kencove (https://www.kencove.com).
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+import logging
+import secrets
+
+from odoo import http
+from odoo.http import request
+
+_logger = logging.getLogger(__name__)
+
+
+class SessionLogoutController(http.Controller):
+
+    _USER_AGENT_MAX_LENGTH = 200
+    _ERROR_MESSAGE_MAX_LENGTH = 500
+
+    def _get_request_info(self):
+        """Get common request information for audit logging"""
+        return {
+            "request_ip": request.httprequest.environ.get("REMOTE_ADDR", "Unknown"),
+            "user_agent": request.httprequest.environ.get("HTTP_USER_AGENT", "")[
+                : self._USER_AGENT_MAX_LENGTH
+            ],
+        }
+
+    def _create_audit_log(self, status, target_user=None, error_message=None):
+        """Create audit log entry"""
+        vals = {
+            **self._get_request_info(),
+            "status": status,
+        }
+        if target_user:
+            vals["target_user_id"] = target_user.id
+        if error_message:
+            vals["error_message"] = str(error_message)[: self._ERROR_MESSAGE_MAX_LENGTH]
+        return request.env["auth.session.logout.audit"].sudo().create(vals)
+
+    def _get_token_from_header(self):
+        """Extract token from HTTP header.
+
+        Supports both 'X-Force-Logout-Token' header and 'Authorization: Bearer' header.
+        """
+        # Check X-Force-Logout-Token header first
+        token = request.httprequest.headers.get("X-Force-Logout-Token")
+        if token:
+            return token
+
+        # Fall back to Authorization header with Bearer scheme
+        auth_header = request.httprequest.headers.get("Authorization", "")
+        if auth_header.startswith("Bearer "):
+            return auth_header[7:]  # Remove "Bearer " prefix
+
+        return None
+
+    def _validate_token(self, token):
+        """Validate the provided token against system parameter"""
+        if not token:
+            return False
+
+        system_token = (
+            request.env["ir.config_parameter"]
+            .sudo()
+            .get_param("auth_session_logout_api.token")
+        )
+        if not system_token:
+            _logger.error("Logout token not configured")
+            return False
+
+        return secrets.compare_digest(token, system_token)
+
+    def _find_user(self, user_identifier):
+        """Find user by login or email (case insensitive)"""
+        if not user_identifier:
+            return None
+
+        ResUsers = request.env["res.users"].sudo()
+
+        # Try by login first (case insensitive)
+        user = ResUsers.search([("login", "=ilike", user_identifier)], limit=1)
+
+        if not user:
+            # Try by email (case insensitive)
+            user = ResUsers.search([("email", "=ilike", user_identifier)], limit=1)
+
+        return user
+
+    def _force_user_logout(self, user):
+        """Force logout of all sessions for the user"""
+        try:
+            # Use dedicated method to handle logout and counter increment
+            user.with_context(
+                auth_session_logout_api_call=True
+            ).sudo().action_force_logout()
+
+            self._create_audit_log("success", target_user=user)
+            _logger.info(
+                "Force logout triggered for user %s from IP %s",
+                user.login,
+                request.httprequest.environ.get("REMOTE_ADDR"),
+            )
+            return True
+
+        except Exception as e:
+            _logger.exception("Failed to force logout for user %s", user.login)
+            self._create_audit_log("error", target_user=user, error_message=str(e))
+            return False
+
+    @http.route(
+        "/web/session/force_logout",
+        type="http",
+        auth="none",
+        methods=["POST"],
+        csrf=False,
+    )
+    def force_logout(self, user=None, **kwargs):
+        """Force logout of user sessions
+
+        Authentication is done via HTTP headers:
+        - X-Force-Logout-Token: TOKEN
+        - Or: Authorization: Bearer TOKEN
+
+        Args:
+            user (str): User login or email to logout (query param or form data)
+
+        Returns:
+            JSON response with success/error status
+        """
+        try:
+            # Get token from header and validate
+            # Avoid using the token from request parameters to prevent it
+            # from being exposed in the URL and logs.
+            token = self._get_token_from_header()
+            if not self._validate_token(token):
+                self._create_audit_log(
+                    "unauthorized", error_message="Invalid or missing token"
+                )
+                return request.make_json_response(
+                    {
+                        "error": "Unauthorized",
+                        "message": "Invalid or missing authentication token",
+                    },
+                    status=401,
+                )
+
+            # Find user
+            target_user = self._find_user(user)
+            if not target_user:
+                self._create_audit_log(
+                    "user_not_found",
+                    error_message=f"User not found: {user}",
+                )
+                return request.make_json_response(
+                    {
+                        "error": "User not found",
+                        "message": f'User with login or email "{user}" not found',
+                    },
+                    status=404,
+                )
+
+            # Force logout
+            if self._force_user_logout(target_user):
+                return request.make_json_response(
+                    {
+                        "success": True,
+                        "message": f"User '{target_user.login}' has been logged out"
+                        " successfully",
+                    }
+                )
+            else:
+                return request.make_json_response(
+                    {
+                        "error": "Internal error",
+                        "message": "Failed to logout user. Please check logs for details.",
+                    },
+                    status=500,
+                )
+
+        except Exception as e:
+            _logger.exception("Unexpected error in force_logout")
+            self._create_audit_log("error", error_message=str(e))
+            return request.make_json_response(
+                {
+                    "error": "Internal server error",
+                    "message": "An unexpected error occurred. Please contact administrator.",
+                },
+                status=500,
+            )
diff --git a/auth_session_logout_api/models/__init__.py b/auth_session_logout_api/models/__init__.py
new file mode 100644
index 0000000000..4a0b8e1f7e
--- /dev/null
+++ b/auth_session_logout_api/models/__init__.py
@@ -0,0 +1,3 @@
+from . import res_config_settings
+from . import res_users
+from . import auth_session_logout_audit
diff --git a/auth_session_logout_api/models/auth_session_logout_audit.py b/auth_session_logout_api/models/auth_session_logout_audit.py
new file mode 100644
index 0000000000..161b279e35
--- /dev/null
+++ b/auth_session_logout_api/models/auth_session_logout_audit.py
@@ -0,0 +1,35 @@
+# Copyright 2026 Kencove (https://www.kencove.com).
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import fields, models
+
+
+class AuthSessionLogoutAudit(models.Model):
+    _name = "auth.session.logout.audit"
+    _description = "Force Session Logout Audit Log"
+    _order = "create_date desc"
+
+    target_user_id = fields.Many2one(
+        "res.users",
+        string="Target User",
+        ondelete="set null",
+    )
+    target_user_login = fields.Char(
+        related="target_user_id.login",
+        store=True,
+    )
+    request_ip = fields.Char(
+        string="Request IP Address",
+    )
+    user_agent = fields.Char()
+    status = fields.Selection(
+        [
+            ("success", "Success"),
+            ("unauthorized", "Unauthorized"),
+            ("user_not_found", "User Not Found"),
+            ("error", "Error"),
+        ],
+        required=True,
+        default="success",
+    )
+    error_message = fields.Text()
diff --git a/auth_session_logout_api/models/res_config_settings.py b/auth_session_logout_api/models/res_config_settings.py
new file mode 100644
index 0000000000..9adc6eab0d
--- /dev/null
+++ b/auth_session_logout_api/models/res_config_settings.py
@@ -0,0 +1,25 @@
+# Copyright 2026 Kencove (https://www.kencove.com).
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+import secrets
+
+from odoo import fields, models
+
+
+class ResConfigSettings(models.TransientModel):
+    _inherit = "res.config.settings"
+
+    auth_session_logout_token = fields.Char(
+        string="Force Logout Token",
+        config_parameter="auth_session_logout_api.token",
+        help="Secure token used to authenticate force logout API requests",
+    )
+
+    def action_generate_token(self):
+        """Generate a new secure token"""
+        new_token = secrets.token_urlsafe(32)
+        self.env["ir.config_parameter"].sudo().set_param(
+            "auth_session_logout_api.token", new_token
+        )
+        self.auth_session_logout_token = new_token
+        return True
diff --git a/auth_session_logout_api/models/res_users.py b/auth_session_logout_api/models/res_users.py
new file mode 100644
index 0000000000..84224b567f
--- /dev/null
+++ b/auth_session_logout_api/models/res_users.py
@@ -0,0 +1,49 @@
+# Copyright 2026 Kencove (https://www.kencove.com).
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+import uuid
+
+from odoo import _, api, fields, models
+from odoo.exceptions import AccessError
+
+
+class ResUsers(models.Model):
+    _inherit = "res.users"
+
+    session_logout_key = fields.Char(
+        copy=False,
+        help="Random key included in session token computation. "
+        "Changing this value invalidates all existing sessions for the user.",
+    )
+    force_logout_count = fields.Integer(
+        help="Number of times this user has been force logged out",
+        default=0,
+        copy=False,
+    )
+
+    @api.model
+    def _get_session_token_fields(self):
+        """Add session_logout_key to session token computation."""
+        return super()._get_session_token_fields() | {"session_logout_key"}
+
+    def action_force_logout(self):
+        """Force logout all user sessions by changing session_logout_key.
+
+        Only users with Administration/Settings group can call this method.
+        External systems should use the API endpoint with token authentication.
+        """
+        self.ensure_one()
+        if not self.env.context.get("auth_session_logout_api_call", False):
+            user = self.env["res.users"].browse(self.env.uid)
+            if not user.has_group("base.group_system"):
+                raise AccessError(_("Only administrators can force logout users."))
+
+        # Generate new random key to invalidate all existing sessions
+        new_key = uuid.uuid4().hex
+        self.sudo().write(
+            {
+                "session_logout_key": new_key,
+                "force_logout_count": self.force_logout_count + 1,
+            }
+        )
+        return True
diff --git a/auth_session_logout_api/readme/CONFIGURE.rst b/auth_session_logout_api/readme/CONFIGURE.rst
new file mode 100644
index 0000000000..236ce95005
--- /dev/null
+++ b/auth_session_logout_api/readme/CONFIGURE.rst
@@ -0,0 +1,23 @@
+This module uses the standard **Administration / Settings** group (``base.group_system``)
+for access control. Only users with this group can:
+
+* View and generate the force logout API token
+* View all audit logs
+
+To generate the API token:
+
+#. Go to **Settings** → **General Settings**
+#. Find the **Force Session Logout** section
+#. Click **Generate Token** to create a new secure token
+#. Copy the token and store it securely for use in API calls
+
+**Security considerations:**
+
+* The token is transmitted via HTTP headers (not URL) to prevent exposure in logs
+* Store the token securely and rotate it periodically
+* Consider implementing rate limiting at the reverse proxy level
+* All API calls are logged for auditing purposes
+
+To view audit logs:
+
+#. Go to **Settings** → **Technical** → **Security** → **Force Logout Audit**
diff --git a/auth_session_logout_api/readme/CONTRIBUTORS.rst b/auth_session_logout_api/readme/CONTRIBUTORS.rst
new file mode 100644
index 0000000000..d6ae8cbf2b
--- /dev/null
+++ b/auth_session_logout_api/readme/CONTRIBUTORS.rst
@@ -0,0 +1,2 @@
+* Thien Vo <thienvh@trobz.com>
+* Chau Le <chaulb@trobz.com>
diff --git a/auth_session_logout_api/readme/DESCRIPTION.rst b/auth_session_logout_api/readme/DESCRIPTION.rst
new file mode 100644
index 0000000000..0895339838
--- /dev/null
+++ b/auth_session_logout_api/readme/DESCRIPTION.rst
@@ -0,0 +1,12 @@
+This module provides a secure API endpoint to force logout user sessions remotely.
+
+**Features:**
+
+* Token-based authentication via HTTP headers (prevents token exposure in logs)
+* Supports both custom header and standard Bearer authentication
+* Lookup users by login or email (case insensitive)
+* Comprehensive audit logging for all API requests
+* Session invalidation via Odoo's session token mechanism
+
+When a force logout is triggered, the module updates a special field that is part of the session token computation.
+This invalidates all existing sessions for the target user, forcing them to re-authenticate.
diff --git a/auth_session_logout_api/readme/USAGE.rst b/auth_session_logout_api/readme/USAGE.rst
new file mode 100644
index 0000000000..10569b73be
--- /dev/null
+++ b/auth_session_logout_api/readme/USAGE.rst
@@ -0,0 +1,58 @@
+API Endpoint
+~~~~~~~~~~~~
+
+To force logout a user, make a POST request to::
+
+    POST /web/session/force_logout?user=LOGIN_OR_EMAIL
+
+**Authentication:**
+
+The API uses token-based authentication via HTTP headers. You can use either:
+
+* ``X-Force-Logout-Token: TOKEN`` - Custom header
+* ``Authorization: Bearer TOKEN`` - Standard Bearer authentication
+
+**Parameters:**
+
+* ``user`` (required): User login or email address to force logout (query parameter)
+
+**Example using cURL:**
+
+.. code-block:: bash
+
+    # Using X-Force-Logout-Token header
+    curl -X POST "https://your-odoo.com/web/session/force_logout?user=john.doe" \
+         -H "X-Force-Logout-Token: your-secure-token"
+
+    # Using Authorization Bearer header
+    curl -X POST "https://your-odoo.com/web/session/force_logout?user=john@example.com" \
+         -H "Authorization: Bearer your-secure-token"
+
+**Response Codes:**
+
+* ``200 OK`` - User successfully logged out
+
+  .. code-block:: json
+
+      {"success": true, "message": "User \"john.doe\" has been logged out successfully"}
+
+* ``401 Unauthorized`` - Invalid or missing token
+
+  .. code-block:: json
+
+      {"error": "Unauthorized", "message": "Invalid or missing authentication token"}
+
+* ``404 Not Found`` - User not found
+
+  .. code-block:: json
+
+      {"error": "User not found", "message": "User with login or email \"unknown\" not found"}
+
+* ``500 Internal Server Error`` - Server error
+
+Viewing Audit Logs
+~~~~~~~~~~~~~~~~~~
+
+#. Go to **Settings** → **Technical** → **Security** → **Force Logout Audit**
+#. View the list of all force logout operations
+#. Use filters to search by status, date, or target user
diff --git a/auth_session_logout_api/security/ir.model.access.csv b/auth_session_logout_api/security/ir.model.access.csv
new file mode 100644
index 0000000000..99def48ab9
--- /dev/null
+++ b/auth_session_logout_api/security/ir.model.access.csv
@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_auth_session_logout_audit_admin,auth.session.logout.audit.admin,model_auth_session_logout_audit,base.group_system,1,1,1,1
diff --git a/auth_session_logout_api/security/security.xml b/auth_session_logout_api/security/security.xml
new file mode 100644
index 0000000000..be1bc675ff
--- /dev/null
+++ b/auth_session_logout_api/security/security.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- # Copyright 2026 Kencove (https://www.kencove.com).
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). -->
+<odoo>
+    <!-- Global Record Rule: Block all users by default -->
+    <record id="rule_audit_global_block" model="ir.rule">
+        <field name="name">Force Logout Audit: Block all by default</field>
+        <field name="model_id" ref="model_auth_session_logout_audit" />
+        <field name="domain_force">[(0, '=', 1)]</field>
+        <field name="groups" eval="False" />
+    </record>
+
+    <!-- Record Rules: Admin can see all audit logs -->
+    <record id="rule_audit_admin_all_logs" model="ir.rule">
+        <field name="name">Force Logout Audit: Admin see all logs</field>
+        <field name="model_id" ref="model_auth_session_logout_audit" />
+        <field name="domain_force">[(1, '=', 1)]</field>
+        <field name="groups" eval="[(4, ref('base.group_system'))]" />
+    </record>
+</odoo>
diff --git a/auth_session_logout_api/static/description/icon.png b/auth_session_logout_api/static/description/icon.png
new file mode 100644
index 0000000000..3a0328b516
Binary files /dev/null and b/auth_session_logout_api/static/description/icon.png differ
diff --git a/auth_session_logout_api/static/description/index.html b/auth_session_logout_api/static/description/index.html
new file mode 100644
index 0000000000..205b499275
--- /dev/null
+++ b/auth_session_logout_api/static/description/index.html
@@ -0,0 +1,92 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>Force User Session Logout</title>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
+            line-height: 1.6;
+            color: #333;
+            max-width: 800px;
+            margin: 0 auto;
+            padding: 20px;
+        }
+        h1, h2, h3 { color: #875A7B; }
+        code {
+            background: #f4f4f4;
+            padding: 2px 6px;
+            border-radius: 3px;
+            font-family: monospace;
+        }
+        pre {
+            background: #f4f4f4;
+            padding: 15px;
+            border-radius: 5px;
+            overflow-x: auto;
+        }
+        .badge {
+            display: inline-block;
+            padding: 3px 8px;
+            border-radius: 3px;
+            font-size: 12px;
+            margin-right: 5px;
+        }
+        .badge-beta { background: #ffc107; color: #333; }
+        .badge-license { background: #007bff; color: #fff; }
+        ul { padding-left: 20px; }
+        li { margin-bottom: 8px; }
+    </style>
+</head>
+<body>
+    <h1>Force User Session Logout</h1>
+
+    <p>
+        <span class="badge badge-beta">Beta</span>
+        <span class="badge badge-license">AGPL-3</span>
+    </p>
+
+    <p>This module provides a secure API endpoint to force logout user sessions remotely.</p>
+
+    <h2>Features</h2>
+    <ul>
+        <li>Token-based authentication for API security</li>
+        <li>Lookup users by login or email (case insensitive)</li>
+        <li>Comprehensive audit logging</li>
+        <li>Session invalidation via Odoo's session token mechanism</li>
+    </ul>
+
+    <h2>API Usage</h2>
+    <pre><code>GET /web/session/force_logout?token=TOKEN&amp;user=LOGIN_OR_EMAIL</code></pre>
+
+    <h3>Example</h3>
+    <pre><code>curl "https://your-odoo.com/web/session/force_logout?token=abc123&amp;user=demo"</code></pre>
+
+    <h3>Response Codes</h3>
+    <ul>
+        <li><strong>200</strong> - User successfully logged out</li>
+        <li><strong>401</strong> - Invalid or missing token</li>
+        <li><strong>404</strong> - User not found</li>
+        <li><strong>500</strong> - Server error</li>
+    </ul>
+
+    <h2>Configuration</h2>
+    <ol>
+        <li>Go to <strong>Settings</strong> → <strong>General Settings</strong></li>
+        <li>Find the <strong>Force Session Logout</strong> section</li>
+        <li>Click <strong>Generate Token</strong> to create a new secure token</li>
+    </ol>
+
+    <h2>Credits</h2>
+    <h3>Contributors</h3>
+    <ul>
+        <li><a href="https://trobz.com">Trobz</a></li>
+    </ul>
+
+    <h3>Maintainer</h3>
+    <p>
+        This module is maintained by the
+        <a href="https://odoo-community.org">Odoo Community Association (OCA)</a>.
+    </p>
+</body>
+</html>
diff --git a/auth_session_logout_api/tests/__init__.py b/auth_session_logout_api/tests/__init__.py
new file mode 100644
index 0000000000..7087f936bb
--- /dev/null
+++ b/auth_session_logout_api/tests/__init__.py
@@ -0,0 +1 @@
+from . import test_force_logout
diff --git a/auth_session_logout_api/tests/test_force_logout.py b/auth_session_logout_api/tests/test_force_logout.py
new file mode 100644
index 0000000000..fa4e152662
--- /dev/null
+++ b/auth_session_logout_api/tests/test_force_logout.py
@@ -0,0 +1,140 @@
+# Copyright 2026 Kencove (https://www.kencove.com).
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+import secrets
+
+from odoo.tests import tagged
+from odoo.tests.common import TransactionCase
+
+
+@tagged("post_install", "-at_install")
+class TestForceLogout(TransactionCase):
+    """Tests for force logout functionality"""
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.test_token = "test_token_12345"
+        cls.env["ir.config_parameter"].sudo().set_param(
+            "auth_session_logout_api.token", cls.test_token
+        )
+        # Create test user
+        cls.test_user = cls.env["res.users"].create(
+            {
+                "name": "Test User",
+                "login": "testuser",
+                "email": "test@example.com",
+            }
+        )
+
+    def test_token_validation_valid(self):
+        """Test token validation with valid token"""
+        result = secrets.compare_digest(self.test_token, self.test_token)
+        self.assertTrue(result)
+
+    def test_token_validation_invalid(self):
+        """Test token validation with invalid token"""
+        result = secrets.compare_digest("invalid_token", self.test_token)
+        self.assertFalse(result)
+
+    def test_find_user_by_login(self):
+        """Test finding user by login"""
+        user = (
+            self.env["res.users"]
+            .sudo()
+            .search([("login", "=ilike", "testuser")], limit=1)
+        )
+        self.assertEqual(user, self.test_user)
+
+    def test_find_user_by_email(self):
+        """Test finding user by email"""
+        user = (
+            self.env["res.users"]
+            .sudo()
+            .search([("email", "=ilike", "test@example.com")], limit=1)
+        )
+        self.assertEqual(user, self.test_user)
+
+    def test_find_user_case_insensitive(self):
+        """Test that user lookup is case insensitive"""
+        user = (
+            self.env["res.users"]
+            .sudo()
+            .search([("login", "=ilike", "TESTUSER")], limit=1)
+        )
+        self.assertEqual(user, self.test_user)
+
+    def test_find_user_not_found(self):
+        """Test finding non-existent user"""
+        user = (
+            self.env["res.users"]
+            .sudo()
+            .search([("login", "=ilike", "nonexistent")], limit=1)
+        )
+        self.assertFalse(user)
+
+    def test_session_token_fields_extended(self):
+        """Test that session_logout_key is included in session token fields"""
+        fields = self.env["res.users"]._get_session_token_fields()
+        self.assertIn("session_logout_key", fields)
+
+    def test_force_logout_changes_session_key(self):
+        """Test that force logout updates session_logout_key"""
+        old_key = self.test_user.session_logout_key
+        self.test_user.action_force_logout()
+        self.test_user.invalidate_recordset()
+        self.assertNotEqual(self.test_user.session_logout_key, old_key)
+
+    def test_force_logout_count_increment(self):
+        """Test that force logout count is incremented"""
+        initial_count = self.test_user.force_logout_count
+        self.test_user.action_force_logout()
+        self.test_user.invalidate_recordset()
+        self.assertEqual(self.test_user.force_logout_count, initial_count + 1)
+
+    def test_audit_log_creation(self):
+        """Test that audit logs can be created"""
+        audit_log = (
+            self.env["auth.session.logout.audit"]
+            .sudo()
+            .create(
+                {
+                    "target_user_id": self.test_user.id,
+                    "request_ip": "127.0.0.1",
+                    "user_agent": "Test Agent",
+                    "status": "success",
+                }
+            )
+        )
+        self.assertTrue(audit_log.exists())
+        self.assertEqual(audit_log.target_user_login, "testuser")
+        self.assertEqual(audit_log.status, "success")
+
+    def test_audit_log_error_status(self):
+        """Test audit log with error status"""
+        audit_log = (
+            self.env["auth.session.logout.audit"]
+            .sudo()
+            .create(
+                {
+                    "target_user_id": self.test_user.id,
+                    "request_ip": "127.0.0.1",
+                    "status": "error",
+                    "error_message": "Test error message",
+                }
+            )
+        )
+        self.assertEqual(audit_log.status, "error")
+        self.assertEqual(audit_log.error_message, "Test error message")
+
+    def test_generate_token(self):
+        """Test token generation"""
+        settings = self.env["res.config.settings"].create({})
+        settings.action_generate_token()
+        new_token = (
+            self.env["ir.config_parameter"]
+            .sudo()
+            .get_param("auth_session_logout_api.token")
+        )
+        self.assertTrue(new_token)
+        self.assertNotEqual(new_token, self.test_token)
diff --git a/auth_session_logout_api/views/auth_session_logout_audit_views.xml b/auth_session_logout_api/views/auth_session_logout_audit_views.xml
new file mode 100644
index 0000000000..6708364c17
--- /dev/null
+++ b/auth_session_logout_api/views/auth_session_logout_audit_views.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- # Copyright 2026 Kencove (https://www.kencove.com).
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). -->
+<odoo>
+    <!-- Audit Log Views -->
+        <record id="auth_session_logout_audit_view_tree" model="ir.ui.view">
+            <field name="name">auth.session.logout.audit.tree</field>
+            <field name="model">auth.session.logout.audit</field>
+            <field name="arch" type="xml">
+                <tree create="0" edit="0" delete="0">
+                    <field name="create_date" string="Date" />
+                    <field name="target_user_id" />
+                    <field name="target_user_login" />
+                    <field name="request_ip" />
+                    <field
+                    name="status"
+                    decoration-success="status == 'success'"
+                    decoration-danger="status in ('unauthorized', 'error')"
+                    decoration-warning="status == 'user_not_found'"
+                    widget="badge"
+                />
+                    <field name="error_message" optional="hide" />
+                </tree>
+            </field>
+        </record>
+
+        <record id="auth_session_logout_audit_view_form" model="ir.ui.view">
+            <field name="name">auth.session.logout.audit.form</field>
+            <field name="model">auth.session.logout.audit</field>
+            <field name="arch" type="xml">
+                <form string="Force Logout Audit" create="0" edit="0" delete="0">
+                    <sheet>
+                        <group>
+                            <group>
+                                <field
+                                name="create_date"
+                                string="Date"
+                                readonly="True"
+                            />
+                                <field name="target_user_id" readonly="True" />
+                                <field name="target_user_login" readonly="True" />
+                                <field name="status" readonly="True" />
+                            </group>
+                            <group>
+                                <field name="request_ip" readonly="True" />
+                                <field name="user_agent" readonly="True" />
+                            </group>
+                        </group>
+                        <group
+                        string="Error Details"
+                        attrs="{'invisible': [('error_message', '=', False)]}"
+                    >
+                            <field name="error_message" nolabel="1" readonly="1" />
+                        </group>
+                    </sheet>
+                </form>
+            </field>
+        </record>
+
+        <record id="auth_session_logout_audit_view_search" model="ir.ui.view">
+            <field name="name">auth.session.logout.audit.search</field>
+            <field name="model">auth.session.logout.audit</field>
+            <field name="arch" type="xml">
+                <search string="Search Audit Logs">
+                    <field name="target_user_id" />
+                    <field name="target_user_login" />
+                    <field name="request_ip" />
+                    <filter
+                    name="filter_success"
+                    string="Success"
+                    domain="[('status', '=', 'success')]"
+                />
+                    <filter
+                    name="filter_failed"
+                    string="Failed"
+                    domain="[('status', '!=', 'success')]"
+                />
+                    <separator />
+                    <filter
+                    name="filter_today"
+                    string="Today"
+                    domain="[('create_date', '&gt;=', context_today().strftime('%Y-%m-%d'))]"
+                />
+                    <group expand="0" string="Group By">
+                        <filter
+                        name="groupby_user"
+                        string="Target User"
+                        context="{'group_by': 'target_user_id'}"
+                    />
+                        <filter
+                        name="groupby_status"
+                        string="Status"
+                        context="{'group_by': 'status'}"
+                    />
+                        <filter
+                        name="groupby_date"
+                        string="Date"
+                        context="{'group_by': 'create_date:day'}"
+                    />
+                    </group>
+                </search>
+            </field>
+        </record>
+
+        <!-- Action -->
+        <record id="action_auth_session_logout_audit" model="ir.actions.act_window">
+            <field name="name">Force Logout Audit</field>
+            <field name="res_model">auth.session.logout.audit</field>
+            <field name="view_mode">tree,form</field>
+            <field name="context">{'search_default_filter_today': 1}</field>
+            <field name="help" type="html">
+                <p class="o_view_nocontent_smiling_face">
+                    No force logout audit logs yet
+                </p>
+                <p>
+                    Audit logs will be created when force logout operations are performed.
+                </p>
+            </field>
+        </record>
+
+        <!-- Menu -->
+        <menuitem
+        id="menu_auth_session_logout_audit"
+        name="Force Logout Audit"
+        parent="base.menu_security"
+        action="action_auth_session_logout_audit"
+        sequence="20"
+        groups="base.group_system"
+    />
+</odoo>
diff --git a/auth_session_logout_api/views/res_config_settings_views.xml b/auth_session_logout_api/views/res_config_settings_views.xml
new file mode 100644
index 0000000000..788b121acb
--- /dev/null
+++ b/auth_session_logout_api/views/res_config_settings_views.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- # Copyright 2026 Kencove (https://www.kencove.com).
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). -->
+<odoo>
+    <!-- Setting-->
+    <record id="res_config_settings_view_form" model="ir.ui.view">
+        <field
+            name="name"
+        >res.config.settings.view.form.inherit.auth.session.logout</field>
+        <field name="model">res.config.settings</field>
+        <field name="inherit_id" ref="base_setup.res_config_settings_view_form" />
+        <field name="arch" type="xml">
+            <xpath expr="//div[@id='user_default_rights']" position="after">
+                <h2 groups="base.group_system">Force Session Logout</h2>
+                <div class="row mt16 o_settings_container" groups="base.group_system">
+                    <div class="col-12 col-lg-6 o_setting_box">
+                        <div class="o_setting_left_pane" />
+                        <div class="o_setting_right_pane">
+                            <label
+                                for="auth_session_logout_token"
+                                string="Force Logout API Token"
+                            />
+                            <div
+                                class="text-muted"
+                            >Secure token for force logout API requests</div>
+                            <div class="content-group mt16">
+                                <div class="row">
+                                    <label
+                                        for="auth_session_logout_token"
+                                        class="col-lg-5 o_light_label"
+                                    />
+                                    <field
+                                        name="auth_session_logout_token"
+                                        readonly="1"
+                                        class="col-lg-4"
+                                    />
+                                </div>
+                                <div class="mt8">
+                                    <button
+                                        name="action_generate_token"
+                                        type="object"
+                                        class="btn btn-primary"
+                                        attrs="{'invisible': [('auth_session_logout_token', '!=', False)]}"
+                                    >
+                                        <i class="fa fa-key" /> Generate Token
+                                    </button>
+                                    <button
+                                        name="action_generate_token"
+                                        type="object"
+                                        class="btn btn-secondary"
+                                        attrs="{'invisible': [('auth_session_logout_token', '=', False)]}"
+                                    >
+                                        <i class="fa fa-refresh" /> Regenerate Token
+                                    </button>
+                                </div>
+                            </div>
+                            <div class="alert alert-info mt16 mb-0" role="status">
+                                <strong>API:</strong>
+                                <code
+                                >POST /web/session/force_logout?user=LOGIN_OR_EMAIL</code>
+                                <br />
+                                <small class="text-muted">
+                                    Header: <code>X-Force-Logout-Token: TOKEN</code>
+                                    or <code>Authorization: Bearer TOKEN</code>
+                                </small>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </xpath>
+        </field>
+    </record>
+</odoo>
diff --git a/setup/auth_session_logout_api/odoo/addons/auth_session_logout_api b/setup/auth_session_logout_api/odoo/addons/auth_session_logout_api
new file mode 120000
index 0000000000..f43451a1d2
--- /dev/null
+++ b/setup/auth_session_logout_api/odoo/addons/auth_session_logout_api
@@ -0,0 +1 @@
+../../../../auth_session_logout_api
\ No newline at end of file
diff --git a/setup/auth_session_logout_api/setup.py b/setup/auth_session_logout_api/setup.py
new file mode 100644
index 0000000000..28c57bb640
--- /dev/null
+++ b/setup/auth_session_logout_api/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)