From 032de9ff2f9c995c298eb974a6403e604886c761 Mon Sep 17 00:00:00 2001
From: aviv926 <51673860+aviv926@users.noreply.github.com>
Date: Wed, 22 Oct 2025 01:36:18 +0300
Subject: [PATCH] feat: view the user's app version on the user page (#21345)

Co-authored-by: Daniel Dietzler <mail@ddietzler.dev>
---
 e2e/src/responses.ts                          |   1 +
 mobile/openapi/README.md                      | Bin 41011 -> 41140 bytes
 mobile/openapi/lib/api/users_admin_api.dart   | Bin 18328 -> 20189 bytes
 mobile/openapi/lib/model/permission.dart      | Bin 24034 -> 24215 bytes
 .../model/session_create_response_dto.dart    | Bin 5472 -> 5859 bytes
 .../lib/model/session_response_dto.dart       | Bin 5147 -> 5534 bytes
 open-api/immich-openapi-specs.json            |  59 ++++++++++++++++++
 open-api/typescript-sdk/src/fetch-client.ts   |  36 ++++++++---
 .../src/controllers/user-admin.controller.ts  |   7 +++
 server/src/database.ts                        |   3 +-
 server/src/dtos/session.dto.ts                |   2 +
 server/src/dtos/user.dto.ts                   |   1 +
 server/src/enum.ts                            |   2 +
 server/src/middleware/auth.guard.ts           |  10 +--
 server/src/queries/session.repository.sql     |   1 +
 ...1078763279-AddAppVersionColumnToSession.ts |   9 +++
 server/src/schema/tables/session.table.ts     |   3 +
 server/src/services/auth.service.spec.ts      |   5 ++
 server/src/services/auth.service.ts           |  18 ++++--
 server/src/services/user-admin.service.ts     |   6 ++
 server/src/utils/request.ts                   |  17 +++++
 server/test/medium.factory.ts                 |   2 +-
 server/test/small.factory.ts                  |   1 +
 .../user-settings-page/device-card.svelte     |  34 +++++-----
 .../user-settings-page/device-list.svelte     |  16 ++---
 web/src/routes/admin/users/[id]/+page.svelte  |  24 ++++++-
 web/src/routes/admin/users/[id]/+page.ts      |   6 +-
 27 files changed, 215 insertions(+), 48 deletions(-)
 create mode 100644 server/src/schema/migrations/1761078763279-AddAppVersionColumnToSession.ts

diff --git a/e2e/src/responses.ts b/e2e/src/responses.ts
index b14aedf89..27e609120 100644
--- a/e2e/src/responses.ts
+++ b/e2e/src/responses.ts
@@ -119,5 +119,6 @@ export const deviceDto = {
     isPendingSyncReset: false,
     deviceOS: '',
     deviceType: '',
+    appVersion: null,
   },
 };
diff --git a/mobile/openapi/README.md b/mobile/openapi/README.md
index 698b9774da4810e279ac7d29b597f8838ca6910c..7ee04c07b16c523e3c830112e8f2bc7d56b7e4c2 100644
GIT binary patch
delta 61
zcmdmdfN9G?rVYPh*;0#(GxPH%-;Y<|Pfsl=Elw>eh6oi;){Rx-(1-FS$Hz%cie=yY
IGuFxp05?t<U;qFB

delta 14
WcmdmTkZJP)rVYPhH&@45IspJU%Le-Z

diff --git a/mobile/openapi/lib/api/users_admin_api.dart b/mobile/openapi/lib/api/users_admin_api.dart
index e4fc1673efafb3e3b19a973afd30eac469f9cb03..4a4301ff430278e2e9ad42b1c3fea523e3da1075 100644
GIT binary patch
delta 195
zcmbQy&v<t(<A#%R?7^wU#hLkelm9ErPhM}IKY2crAYXcFNoa9u5lm{LgY4u564C6%
zP^Ie>9!);LEw}lVk{~0J{$QY9b}gUG;u0IE&Y;xdg8aPVRF{%`J9|3?RAY-L9}uyD
uYoF*KyqQn*A>-sCvnn=-_Q_w&)L~3z^XZdR<bV#WncSelvAIBALjwT1YD>`o

delta 21
dcmcaRmvKfv<A#%RlO42`CmG~#UZ7^H0RUyX2x|ZU

diff --git a/mobile/openapi/lib/model/permission.dart b/mobile/openapi/lib/model/permission.dart
index 95b9a55fba32815901d7b3defe948a3baff64962..86011eb835d9bd1ce6d1f6019ceac349661834d2 100644
GIT binary patch
delta 91
zcmaE~n{oPH#tpMnS%XuHi!&!*6qcL(K!ueZ%*)T4Y{(+Hd75e_uOL()AhjqnKP4zN
hF=g`?qa~V9T@$@zCQpcFWdSLgT;L(Md2)<DBLHX>BH#c3

delta 28
kcmbQfm+{eV#tpMnC#M?=Z~mzo#Jf4&c&6rN-&ik30Jqi)iU0rr

diff --git a/mobile/openapi/lib/model/session_create_response_dto.dart b/mobile/openapi/lib/model/session_create_response_dto.dart
index a4f93e8d9cd537eb38516fef57e8e46bf41a2ee6..e16597f3b5d3b18381e766d94932e78f49fcf139 100644
GIT binary patch
delta 319
zcmaE$^;mbqDn`!4f`YKrqT<Z_$puWJlUFf*<*`?Qi{)*e!qm?sf#56H+9Jz}vi33>
zpvvZz=Hw{YD;OwPAt_YU%SbHFaL!Lj)l|^lJcrGV5y?zj6@&>o3Y#CX^D=s6rYUHY
zWMmfWA*2)(Z52R<YbsQ8DS$y%aeiKOkvc+&daQ!20-CnT_c-OG(3F6Tu?8DbyZIGI
g4>K1+e)2|MMP39~T~lXsE>8{z50a41<jW$x0DDnyh5!Hn

delta 45
zcmV+|0Mh^CE#NA!ssWS80rj)g0)zsyeg%I4voi-k0kew;4FR(s3Wo!;=M7^BlUx>u
Dw7L-z

diff --git a/mobile/openapi/lib/model/session_response_dto.dart b/mobile/openapi/lib/model/session_response_dto.dart
index e76e4d48b4d9dd3d7c70f834c8f6fdfe4ae7b286..85acb8a358215b1db383ed3817d39569e6f590c4 100644
GIT binary patch
delta 312
zcmbQOF;9EL3`VZRf`YKrqT<Z_yvYk0MJLZ>yv<{;fDqiA$yC84f#56H+9JzdW+`Me
zK$Xoa&B;-)S1?epLQ<%xmyuYU;hdk6s;Qv8*^W(<5y?zj6@&>o3X{{>{|jfPDQJ{r
zWESfoWF{+cO1dGq>ahy83TR5KxfFn)Rv|T~I8~t<%+c3ZP{=CI&x<ZnN9dhg!zs5p
hpTn6M+4paG6nPO!)HQWBujKy0&VwYRGkLaf0{|A$Y}^0<

delta 44
zcmV+{0Mq}TE1M{=m;sZv0o=2x0&N1bJOyI`v(*M80h162|Ff0}Oarqc4etk&Bo%sv
Cq!2v-

diff --git a/open-api/immich-openapi-specs.json b/open-api/immich-openapi-specs.json
index fdfc40eb6..3b258d505 100644
--- a/open-api/immich-openapi-specs.json
+++ b/open-api/immich-openapi-specs.json
@@ -773,6 +773,54 @@
         "description": "This endpoint is an admin-only route, and requires the `adminUser.delete` permission."
       }
     },
+    "/admin/users/{id}/sessions": {
+      "get": {
+        "operationId": "getUserSessionsAdmin",
+        "parameters": [
+          {
+            "name": "id",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "uuid",
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "items": {
+                    "$ref": "#/components/schemas/SessionResponseDto"
+                  },
+                  "type": "array"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "tags": [
+          "Users (admin)"
+        ],
+        "x-immich-admin-only": true,
+        "x-immich-permission": "adminSession.read",
+        "description": "This endpoint is an admin-only route, and requires the `adminSession.read` permission."
+      }
+    },
     "/admin/users/{id}/statistics": {
       "get": {
         "operationId": "getUserStatisticsAdmin",
@@ -13267,6 +13315,7 @@
           "adminUser.read",
           "adminUser.update",
           "adminUser.delete",
+          "adminSession.read",
           "adminAuth.unlinkAll"
         ],
         "type": "string"
@@ -14303,6 +14352,10 @@
       },
       "SessionCreateResponseDto": {
         "properties": {
+          "appVersion": {
+            "nullable": true,
+            "type": "string"
+          },
           "createdAt": {
             "type": "string"
           },
@@ -14332,6 +14385,7 @@
           }
         },
         "required": [
+          "appVersion",
           "createdAt",
           "current",
           "deviceOS",
@@ -14345,6 +14399,10 @@
       },
       "SessionResponseDto": {
         "properties": {
+          "appVersion": {
+            "nullable": true,
+            "type": "string"
+          },
           "createdAt": {
             "type": "string"
           },
@@ -14371,6 +14429,7 @@
           }
         },
         "required": [
+          "appVersion",
           "createdAt",
           "current",
           "deviceOS",
diff --git a/open-api/typescript-sdk/src/fetch-client.ts b/open-api/typescript-sdk/src/fetch-client.ts
index 5c952c30a..cdd004770 100644
--- a/open-api/typescript-sdk/src/fetch-client.ts
+++ b/open-api/typescript-sdk/src/fetch-client.ts
@@ -244,6 +244,17 @@ export type UserPreferencesUpdateDto = {
     sharedLinks?: SharedLinksUpdate;
     tags?: TagsUpdate;
 };
+export type SessionResponseDto = {
+    appVersion: string | null;
+    createdAt: string;
+    current: boolean;
+    deviceOS: string;
+    deviceType: string;
+    expiresAt?: string;
+    id: string;
+    isPendingSyncReset: boolean;
+    updatedAt: string;
+};
 export type AssetStatsResponseDto = {
     images: number;
     total: number;
@@ -1192,16 +1203,6 @@ export type ServerVersionHistoryResponseDto = {
     id: string;
     version: string;
 };
-export type SessionResponseDto = {
-    createdAt: string;
-    current: boolean;
-    deviceOS: string;
-    deviceType: string;
-    expiresAt?: string;
-    id: string;
-    isPendingSyncReset: boolean;
-    updatedAt: string;
-};
 export type SessionCreateDto = {
     deviceOS?: string;
     deviceType?: string;
@@ -1209,6 +1210,7 @@ export type SessionCreateDto = {
     duration?: number;
 };
 export type SessionCreateResponseDto = {
+    appVersion: string | null;
     createdAt: string;
     current: boolean;
     deviceOS: string;
@@ -1853,6 +1855,19 @@ export function restoreUserAdmin({ id }: {
         method: "POST"
     }));
 }
+/**
+ * This endpoint is an admin-only route, and requires the `adminSession.read` permission.
+ */
+export function getUserSessionsAdmin({ id }: {
+    id: string;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: SessionResponseDto[];
+    }>(`/admin/users/${encodeURIComponent(id)}/sessions`, {
+        ...opts
+    }));
+}
 /**
  * This endpoint is an admin-only route, and requires the `adminUser.read` permission.
  */
@@ -4830,6 +4845,7 @@ export enum Permission {
     AdminUserRead = "adminUser.read",
     AdminUserUpdate = "adminUser.update",
     AdminUserDelete = "adminUser.delete",
+    AdminSessionRead = "adminSession.read",
     AdminAuthUnlinkAll = "adminAuth.unlinkAll"
 }
 export enum AssetMetadataKey {
diff --git a/server/src/controllers/user-admin.controller.ts b/server/src/controllers/user-admin.controller.ts
index d50bd174a..25a4691b7 100644
--- a/server/src/controllers/user-admin.controller.ts
+++ b/server/src/controllers/user-admin.controller.ts
@@ -2,6 +2,7 @@ import { Body, Controller, Delete, Get, HttpCode, HttpStatus, Param, Post, Put,
 import { ApiTags } from '@nestjs/swagger';
 import { AssetStatsDto, AssetStatsResponseDto } from 'src/dtos/asset.dto';
 import { AuthDto } from 'src/dtos/auth.dto';
+import { SessionResponseDto } from 'src/dtos/session.dto';
 import { UserPreferencesResponseDto, UserPreferencesUpdateDto } from 'src/dtos/user-preferences.dto';
 import {
   UserAdminCreateDto,
@@ -58,6 +59,12 @@ export class UserAdminController {
     return this.service.delete(auth, id, dto);
   }
 
+  @Get(':id/sessions')
+  @Authenticated({ permission: Permission.AdminSessionRead, admin: true })
+  getUserSessionsAdmin(@Auth() auth: AuthDto, @Param() { id }: UUIDParamDto): Promise<SessionResponseDto[]> {
+    return this.service.getSessions(auth, id);
+  }
+
   @Get(':id/statistics')
   @Authenticated({ permission: Permission.AdminUserRead, admin: true })
   getUserStatisticsAdmin(
diff --git a/server/src/database.ts b/server/src/database.ts
index f472c643e..f60c2c228 100644
--- a/server/src/database.ts
+++ b/server/src/database.ts
@@ -238,6 +238,7 @@ export type Session = {
   expiresAt: Date | null;
   deviceOS: string;
   deviceType: string;
+  appVersion: string | null;
   pinExpiresAt: Date | null;
   isPendingSyncReset: boolean;
 };
@@ -308,7 +309,7 @@ export const columns = {
   assetFiles: ['asset_file.id', 'asset_file.path', 'asset_file.type'],
   authUser: ['user.id', 'user.name', 'user.email', 'user.isAdmin', 'user.quotaUsageInBytes', 'user.quotaSizeInBytes'],
   authApiKey: ['api_key.id', 'api_key.permissions'],
-  authSession: ['session.id', 'session.updatedAt', 'session.pinExpiresAt'],
+  authSession: ['session.id', 'session.updatedAt', 'session.pinExpiresAt', 'session.appVersion'],
   authSharedLink: [
     'shared_link.id',
     'shared_link.userId',
diff --git a/server/src/dtos/session.dto.ts b/server/src/dtos/session.dto.ts
index 7ccc72a5f..49351eda5 100644
--- a/server/src/dtos/session.dto.ts
+++ b/server/src/dtos/session.dto.ts
@@ -34,6 +34,7 @@ export class SessionResponseDto {
   current!: boolean;
   deviceType!: string;
   deviceOS!: string;
+  appVersion!: string | null;
   isPendingSyncReset!: boolean;
 }
 
@@ -47,6 +48,7 @@ export const mapSession = (entity: Session, currentId?: string): SessionResponse
   updatedAt: entity.updatedAt.toISOString(),
   expiresAt: entity.expiresAt?.toISOString(),
   current: currentId === entity.id,
+  appVersion: entity.appVersion,
   deviceOS: entity.deviceOS,
   deviceType: entity.deviceType,
   isPendingSyncReset: entity.isPendingSyncReset,
diff --git a/server/src/dtos/user.dto.ts b/server/src/dtos/user.dto.ts
index 443178aa1..c5067f3e8 100644
--- a/server/src/dtos/user.dto.ts
+++ b/server/src/dtos/user.dto.ts
@@ -173,6 +173,7 @@ export function mapUserAdmin(entity: UserAdmin): UserAdminResponseDto {
   const license = metadata.find(
     (item): item is UserMetadataItem<UserMetadataKey.License> => item.key === UserMetadataKey.License,
   )?.value;
+
   return {
     ...mapUser(entity),
     storageLabel: entity.storageLabel,
diff --git a/server/src/enum.ts b/server/src/enum.ts
index b8e6e5209..c056091f2 100644
--- a/server/src/enum.ts
+++ b/server/src/enum.ts
@@ -236,6 +236,8 @@ export enum Permission {
   AdminUserUpdate = 'adminUser.update',
   AdminUserDelete = 'adminUser.delete',
 
+  AdminSessionRead = 'adminSession.read',
+
   AdminAuthUnlinkAll = 'adminAuth.unlinkAll',
 }
 
diff --git a/server/src/middleware/auth.guard.ts b/server/src/middleware/auth.guard.ts
index 8af7bf7fb..4964fefbb 100644
--- a/server/src/middleware/auth.guard.ts
+++ b/server/src/middleware/auth.guard.ts
@@ -13,7 +13,7 @@ import { AuthDto } from 'src/dtos/auth.dto';
 import { ApiCustomExtension, ImmichQuery, MetadataKey, Permission } from 'src/enum';
 import { LoggingRepository } from 'src/repositories/logging.repository';
 import { AuthService, LoginDetails } from 'src/services/auth.service';
-import { UAParser } from 'ua-parser-js';
+import { getUserAgentDetails } from 'src/utils/request';
 
 type AdminRoute = { admin?: true };
 type SharedLinkRoute = { sharedLink?: true };
@@ -56,13 +56,14 @@ export const FileResponse = () =>
 
 export const GetLoginDetails = createParamDecorator((data, context: ExecutionContext): LoginDetails => {
   const request = context.switchToHttp().getRequest<Request>();
-  const userAgent = UAParser(request.headers['user-agent']);
+  const { deviceType, deviceOS, appVersion } = getUserAgentDetails(request.headers);
 
   return {
     clientIp: request.ip ?? '',
     isSecure: request.secure,
-    deviceType: userAgent.browser.name || userAgent.device.type || (request.headers.devicemodel as string) || '',
-    deviceOS: userAgent.os.name || (request.headers.devicetype as string) || '',
+    deviceType,
+    deviceOS,
+    appVersion,
   };
 });
 
@@ -86,7 +87,6 @@ export class AuthGuard implements CanActivate {
 
   async canActivate(context: ExecutionContext): Promise<boolean> {
     const targets = [context.getHandler()];
-
     const options = this.reflector.getAllAndOverride<AuthenticatedOptions | undefined>(MetadataKey.AuthRoute, targets);
     if (!options) {
       return true;
diff --git a/server/src/queries/session.repository.sql b/server/src/queries/session.repository.sql
index 34d25cce8..831a16342 100644
--- a/server/src/queries/session.repository.sql
+++ b/server/src/queries/session.repository.sql
@@ -23,6 +23,7 @@ select
   "session"."id",
   "session"."updatedAt",
   "session"."pinExpiresAt",
+  "session"."appVersion",
   (
     select
       to_json(obj)
diff --git a/server/src/schema/migrations/1761078763279-AddAppVersionColumnToSession.ts b/server/src/schema/migrations/1761078763279-AddAppVersionColumnToSession.ts
new file mode 100644
index 000000000..817578851
--- /dev/null
+++ b/server/src/schema/migrations/1761078763279-AddAppVersionColumnToSession.ts
@@ -0,0 +1,9 @@
+import { Kysely, sql } from 'kysely';
+
+export async function up(db: Kysely<any>): Promise<void> {
+  await sql`ALTER TABLE "session" ADD "appVersion" character varying;`.execute(db);
+}
+
+export async function down(db: Kysely<any>): Promise<void> {
+  await sql`ALTER TABLE "session" DROP COLUMN "appVersion";`.execute(db);
+}
diff --git a/server/src/schema/tables/session.table.ts b/server/src/schema/tables/session.table.ts
index 706abdf88..466152d35 100644
--- a/server/src/schema/tables/session.table.ts
+++ b/server/src/schema/tables/session.table.ts
@@ -42,6 +42,9 @@ export class SessionTable {
   @Column({ default: '' })
   deviceOS!: Generated<string>;
 
+  @Column({ nullable: true })
+  appVersion!: string | null;
+
   @UpdateIdColumn({ index: true })
   updateId!: Generated<string>;
 
diff --git a/server/src/services/auth.service.spec.ts b/server/src/services/auth.service.spec.ts
index d2b287cd5..d8d759859 100644
--- a/server/src/services/auth.service.spec.ts
+++ b/server/src/services/auth.service.spec.ts
@@ -41,6 +41,7 @@ const loginDetails = {
   clientIp: '127.0.0.1',
   deviceOS: '',
   deviceType: '',
+  appVersion: null,
 };
 
 const fixtures = {
@@ -243,6 +244,7 @@ describe(AuthService.name, () => {
         updatedAt: session.updatedAt,
         user: factory.authUser(),
         pinExpiresAt: null,
+        appVersion: null,
       };
 
       mocks.session.getByToken.mockResolvedValue(sessionWithToken);
@@ -408,6 +410,7 @@ describe(AuthService.name, () => {
         updatedAt: session.updatedAt,
         user: factory.authUser(),
         pinExpiresAt: null,
+        appVersion: null,
       };
 
       mocks.session.getByToken.mockResolvedValue(sessionWithToken);
@@ -435,6 +438,7 @@ describe(AuthService.name, () => {
         user: factory.authUser(),
         isPendingSyncReset: false,
         pinExpiresAt: null,
+        appVersion: null,
       };
 
       mocks.session.getByToken.mockResolvedValue(sessionWithToken);
@@ -456,6 +460,7 @@ describe(AuthService.name, () => {
         user: factory.authUser(),
         isPendingSyncReset: false,
         pinExpiresAt: null,
+        appVersion: null,
       };
 
       mocks.session.getByToken.mockResolvedValue(sessionWithToken);
diff --git a/server/src/services/auth.service.ts b/server/src/services/auth.service.ts
index 535df779c..d118f1809 100644
--- a/server/src/services/auth.service.ts
+++ b/server/src/services/auth.service.ts
@@ -29,11 +29,13 @@ import { BaseService } from 'src/services/base.service';
 import { isGranted } from 'src/utils/access';
 import { HumanReadableSize } from 'src/utils/bytes';
 import { mimeTypes } from 'src/utils/mime-types';
+import { getUserAgentDetails } from 'src/utils/request';
 export interface LoginDetails {
   isSecure: boolean;
   clientIp: string;
   deviceType: string;
   deviceOS: string;
+  appVersion: string | null;
 }
 
 interface ClaimOptions<T> {
@@ -218,7 +220,7 @@ export class AuthService extends BaseService {
     }
 
     if (session) {
-      return this.validateSession(session);
+      return this.validateSession(session, headers);
     }
 
     if (apiKey) {
@@ -463,15 +465,22 @@ export class AuthService extends BaseService {
     return this.cryptoRepository.compareBcrypt(inputSecret, existingHash);
   }
 
-  private async validateSession(tokenValue: string): Promise<AuthDto> {
+  private async validateSession(tokenValue: string, headers: IncomingHttpHeaders): Promise<AuthDto> {
     const hashedToken = this.cryptoRepository.hashSha256(tokenValue);
     const session = await this.sessionRepository.getByToken(hashedToken);
     if (session?.user) {
+      const { appVersion, deviceOS, deviceType } = getUserAgentDetails(headers);
       const now = DateTime.now();
       const updatedAt = DateTime.fromJSDate(session.updatedAt);
       const diff = now.diff(updatedAt, ['hours']);
-      if (diff.hours > 1) {
-        await this.sessionRepository.update(session.id, { id: session.id, updatedAt: new Date() });
+      if (diff.hours > 1 || appVersion != session.appVersion) {
+        await this.sessionRepository.update(session.id, {
+          id: session.id,
+          updatedAt: new Date(),
+          appVersion,
+          deviceOS,
+          deviceType,
+        });
       }
 
       // Pin check
@@ -529,6 +538,7 @@ export class AuthService extends BaseService {
       token: tokenHashed,
       deviceOS: loginDetails.deviceOS,
       deviceType: loginDetails.deviceType,
+      appVersion: loginDetails.appVersion,
       userId: user.id,
     });
 
diff --git a/server/src/services/user-admin.service.ts b/server/src/services/user-admin.service.ts
index a57072e49..2684dca0c 100644
--- a/server/src/services/user-admin.service.ts
+++ b/server/src/services/user-admin.service.ts
@@ -2,6 +2,7 @@ import { BadRequestException, ForbiddenException, Injectable } from '@nestjs/com
 import { SALT_ROUNDS } from 'src/constants';
 import { AssetStatsDto, AssetStatsResponseDto, mapStats } from 'src/dtos/asset.dto';
 import { AuthDto } from 'src/dtos/auth.dto';
+import { SessionResponseDto, mapSession } from 'src/dtos/session.dto';
 import { UserPreferencesResponseDto, UserPreferencesUpdateDto, mapPreferences } from 'src/dtos/user-preferences.dto';
 import {
   UserAdminCreateDto,
@@ -119,6 +120,11 @@ export class UserAdminService extends BaseService {
     return mapUserAdmin(user);
   }
 
+  async getSessions(auth: AuthDto, id: string): Promise<SessionResponseDto[]> {
+    const sessions = await this.sessionRepository.getByUserId(id);
+    return sessions.map((session) => mapSession(session));
+  }
+
   async getStatistics(auth: AuthDto, id: string, dto: AssetStatsDto): Promise<AssetStatsResponseDto> {
     const stats = await this.assetRepository.getStatistics(id, dto);
     return mapStats(stats);
diff --git a/server/src/utils/request.ts b/server/src/utils/request.ts
index 19d3cac66..c64c98052 100644
--- a/server/src/utils/request.ts
+++ b/server/src/utils/request.ts
@@ -1,5 +1,22 @@
+import { IncomingHttpHeaders } from 'node:http';
+import { UAParser } from 'ua-parser-js';
+
 export const fromChecksum = (checksum: string): Buffer => {
   return Buffer.from(checksum, checksum.length === 28 ? 'base64' : 'hex');
 };
 
 export const fromMaybeArray = <T>(param: T | T[]) => (Array.isArray(param) ? param[0] : param);
+
+const getAppVersionFromUA = (ua: string) =>
+  ua.match(/^Immich_(?:Android|iOS)_(?<appVersion>.+)$/)?.groups?.appVersion ?? null;
+
+export const getUserAgentDetails = (headers: IncomingHttpHeaders) => {
+  const userAgent = UAParser(headers['user-agent']);
+  const appVersion = getAppVersionFromUA(headers['user-agent'] ?? '');
+
+  return {
+    deviceType: userAgent.browser.name || userAgent.device.type || (headers['devicemodel'] as string) || '',
+    deviceOS: userAgent.os.name || (headers['devicetype'] as string) || '',
+    appVersion,
+  };
+};
diff --git a/server/test/medium.factory.ts b/server/test/medium.factory.ts
index 3f021f3eb..a8d3f9df7 100644
--- a/server/test/medium.factory.ts
+++ b/server/test/medium.factory.ts
@@ -628,7 +628,7 @@ const syncStream = () => {
 };
 
 const loginDetails = () => {
-  return { isSecure: false, clientIp: '', deviceType: '', deviceOS: '' };
+  return { isSecure: false, clientIp: '', deviceType: '', deviceOS: '', appVersion: null };
 };
 
 const loginResponse = (): LoginResponseDto => {
diff --git a/server/test/small.factory.ts b/server/test/small.factory.ts
index 04654552a..09e7988f8 100644
--- a/server/test/small.factory.ts
+++ b/server/test/small.factory.ts
@@ -135,6 +135,7 @@ const sessionFactory = (session: Partial<Session> = {}) => ({
   userId: newUuid(),
   pinExpiresAt: newDate(),
   isPendingSyncReset: false,
+  appVersion: session.appVersion ?? null,
   ...session,
 });
 
diff --git a/web/src/lib/components/user-settings-page/device-card.svelte b/web/src/lib/components/user-settings-page/device-card.svelte
index 15d9ede21..f3156b7e7 100644
--- a/web/src/lib/components/user-settings-page/device-card.svelte
+++ b/web/src/lib/components/user-settings-page/device-card.svelte
@@ -18,11 +18,11 @@
   import { t } from 'svelte-i18n';
 
   interface Props {
-    device: SessionResponseDto;
+    session: SessionResponseDto;
     onDelete?: (() => void) | undefined;
   }
 
-  let { device, onDelete = undefined }: Props = $props();
+  const { session, onDelete = undefined }: Props = $props();
 
   const options: ToRelativeCalendarOptions = {
     unit: 'days',
@@ -32,21 +32,21 @@
 
 <div class="flex w-full flex-row">
   <div class="hidden items-center justify-center pe-2 text-primary sm:flex">
-    {#if device.deviceOS === 'Android'}
+    {#if session.deviceOS === 'Android'}
       <Icon icon={mdiAndroid} size="40" />
-    {:else if device.deviceOS === 'iOS' || device.deviceOS === 'macOS'}
+    {:else if session.deviceOS === 'iOS' || session.deviceOS === 'macOS'}
       <Icon icon={mdiApple} size="40" />
-    {:else if device.deviceOS.includes('Safari')}
+    {:else if session.deviceOS.includes('Safari')}
       <Icon icon={mdiAppleSafari} size="40" />
-    {:else if device.deviceOS.includes('Windows')}
+    {:else if session.deviceOS.includes('Windows')}
       <Icon icon={mdiMicrosoftWindows} size="40" />
-    {:else if device.deviceOS === 'Linux'}
+    {:else if session.deviceOS === 'Linux'}
       <Icon icon={mdiLinux} size="40" />
-    {:else if device.deviceOS === 'Ubuntu'}
+    {:else if session.deviceOS === 'Ubuntu'}
       <Icon icon={mdiUbuntu} size="40" />
-    {:else if device.deviceOS === 'Chrome OS' || device.deviceType === 'Chrome' || device.deviceType === 'Chromium' || device.deviceType === 'Mobile Chrome'}
+    {:else if session.deviceOS === 'Chrome OS' || session.deviceType === 'Chrome' || session.deviceType === 'Chromium' || session.deviceType === 'Mobile Chrome'}
       <Icon icon={mdiGoogleChrome} size="40" />
-    {:else if device.deviceOS === 'Google Cast'}
+    {:else if session.deviceOS === 'Google Cast'}
       <Icon icon={mdiCast} size="40" />
     {:else}
       <Icon icon={mdiHelp} size="40" />
@@ -55,24 +55,28 @@
   <div class="flex grow flex-row justify-between gap-1 ps-4 sm:ps-0">
     <div class="flex flex-col justify-center gap-1 dark:text-white">
       <span class="text-sm">
-        {#if device.deviceType || device.deviceOS}
-          <span>{device.deviceOS || $t('unknown')} • {device.deviceType || $t('unknown')}</span>
+        {#if session.deviceType || session.deviceOS}
+          <span
+            >{session.deviceOS || $t('unknown')} • {session.deviceType || $t('unknown')}{session.appVersion
+              ? `(v${session.appVersion})`
+              : ''}</span
+          >
         {:else}
           <span>{$t('unknown')}</span>
         {/if}
       </span>
       <div class="text-sm">
         <span class="">{$t('last_seen')}</span>
-        <span>{DateTime.fromISO(device.updatedAt, { locale: $locale }).toRelativeCalendar(options)}</span>
+        <span>{DateTime.fromISO(session.updatedAt, { locale: $locale }).toRelativeCalendar(options)}</span>
         <span class="text-xs text-gray-500 dark:text-gray-400"> - </span>
         <span class="text-xs text-gray-500 dark:text-gray-400">
-          {DateTime.fromISO(device.updatedAt, { locale: $locale }).toLocaleString(DateTime.DATETIME_MED, {
+          {DateTime.fromISO(session.updatedAt, { locale: $locale }).toLocaleString(DateTime.DATETIME_MED, {
             locale: $locale,
           })}
         </span>
       </div>
     </div>
-    {#if !device.current && onDelete}
+    {#if !session.current && onDelete}
       <div>
         <IconButton
           color="danger"
diff --git a/web/src/lib/components/user-settings-page/device-list.svelte b/web/src/lib/components/user-settings-page/device-list.svelte
index 3a6eb9d0b..56be8c2f1 100644
--- a/web/src/lib/components/user-settings-page/device-list.svelte
+++ b/web/src/lib/components/user-settings-page/device-list.svelte
@@ -14,8 +14,8 @@
 
   const refresh = () => getSessions().then((_devices) => (devices = _devices));
 
-  let currentDevice = $derived(devices.find((device) => device.current));
-  let otherDevices = $derived(devices.filter((device) => !device.current));
+  let currentSession = $derived(devices.find((device) => device.current));
+  let otherSessions = $derived(devices.filter((device) => !device.current));
 
   const handleDelete = async (device: SessionResponseDto) => {
     const isConfirmed = await modalManager.showDialog({ prompt: $t('logout_this_device_confirmation') });
@@ -54,22 +54,22 @@
 </script>
 
 <section class="my-4">
-  {#if currentDevice}
+  {#if currentSession}
     <div class="mb-6">
       <h3 class="uppercase mb-2 text-xs font-medium text-primary">
         {$t('current_device')}
       </h3>
-      <DeviceCard device={currentDevice} />
+      <DeviceCard session={currentSession} />
     </div>
   {/if}
-  {#if otherDevices.length > 0}
+  {#if otherSessions.length > 0}
     <div class="mb-6">
       <h3 class="uppercase mb-2 text-xs font-medium text-primary">
         {$t('other_devices')}
       </h3>
-      {#each otherDevices as device, index (device.id)}
-        <DeviceCard {device} onDelete={() => handleDelete(device)} />
-        {#if index !== otherDevices.length - 1}
+      {#each otherSessions as session, index (session.id)}
+        <DeviceCard {session} onDelete={() => handleDelete(session)} />
+        {#if index !== otherSessions.length - 1}
           <hr class="my-3" />
         {/if}
       {/each}
diff --git a/web/src/routes/admin/users/[id]/+page.svelte b/web/src/routes/admin/users/[id]/+page.svelte
index c51c31119..4ce469485 100644
--- a/web/src/routes/admin/users/[id]/+page.svelte
+++ b/web/src/routes/admin/users/[id]/+page.svelte
@@ -6,6 +6,7 @@
     NotificationType,
   } from '$lib/components/shared-components/notification/notification';
   import UserAvatar from '$lib/components/shared-components/user-avatar.svelte';
+  import DeviceCard from '$lib/components/user-settings-page/device-card.svelte';
   import FeatureSetting from '$lib/components/users/FeatureSetting.svelte';
   import PasswordResetSuccessModal from '$lib/modals/PasswordResetSuccessModal.svelte';
   import UserDeleteConfirmModal from '$lib/modals/UserDeleteConfirmModal.svelte';
@@ -36,6 +37,7 @@
   } from '@immich/ui';
   import {
     mdiAccountOutline,
+    mdiAppsBox,
     mdiCameraIris,
     mdiChartPie,
     mdiChartPieOutline,
@@ -60,11 +62,10 @@
   let user = $derived(data.user);
   const userPreferences = $derived(data.userPreferences);
   const userStatistics = $derived(data.userStatistics);
-
+  const userSessions = $derived(data.userSessions);
   const TiB = 1024 ** 4;
   const usage = $derived(user.quotaUsageInBytes ?? 0);
   let [statsUsage, statsUsageUnit] = $derived(getBytesWithUnit(usage, usage > TiB ? 2 : 0));
-
   const usedBytes = $derived(user.quotaUsageInBytes ?? 0);
   const availableBytes = $derived(user.quotaSizeInBytes ?? 1);
   let usedPercentage = $derived(Math.min(Math.round((usedBytes / availableBytes) * 100), 100));
@@ -350,6 +351,25 @@
             {/if}
           </CardBody>
         </Card>
+        <Card color="secondary">
+          <CardHeader>
+            <div class="flex items-center gap-2 px-4 py-2 text-primary">
+              <Icon icon={mdiAppsBox} size="1.5rem" />
+              <CardTitle>Sessions</CardTitle>
+            </div>
+          </CardHeader>
+          <CardBody>
+            <div class="px-4 pb-7">
+              <Stack gap={3}>
+                {#each userSessions as session (session.id)}
+                  <DeviceCard {session} />
+                {:else}
+                  <span class="text-subtle">No mobile devices</span>
+                {/each}
+              </Stack>
+            </div>
+          </CardBody>
+        </Card>
       </div>
     </Container>
   </div>
diff --git a/web/src/routes/admin/users/[id]/+page.ts b/web/src/routes/admin/users/[id]/+page.ts
index c6e918d64..bfc5bcefa 100644
--- a/web/src/routes/admin/users/[id]/+page.ts
+++ b/web/src/routes/admin/users/[id]/+page.ts
@@ -1,7 +1,7 @@
 import { AppRoute } from '$lib/constants';
 import { authenticate, requestServerInfo } from '$lib/utils/auth';
 import { getFormatter } from '$lib/utils/i18n';
-import { getUserPreferencesAdmin, getUserStatisticsAdmin, searchUsersAdmin } from '@immich/sdk';
+import { getUserPreferencesAdmin, getUserSessionsAdmin, getUserStatisticsAdmin, searchUsersAdmin } from '@immich/sdk';
 import { redirect } from '@sveltejs/kit';
 import type { PageLoad } from './$types';
 
@@ -13,9 +13,10 @@ export const load = (async ({ params, url }) => {
     redirect(302, AppRoute.ADMIN_USERS);
   }
 
-  const [userPreferences, userStatistics] = await Promise.all([
+  const [userPreferences, userStatistics, userSessions] = await Promise.all([
     getUserPreferencesAdmin({ id: user.id }),
     getUserStatisticsAdmin({ id: user.id }),
+    getUserSessionsAdmin({ id: user.id }),
   ]);
 
   const $t = await getFormatter();
@@ -24,6 +25,7 @@ export const load = (async ({ params, url }) => {
     user,
     userPreferences,
     userStatistics,
+    userSessions,
     meta: {
       title: $t('admin.user_details'),
     },