diff --git a/server/cmd/museum/main.go b/server/cmd/museum/main.go
index c4a17cb74f..6e15ad56b8 100644
--- a/server/cmd/museum/main.go
+++ b/server/cmd/museum/main.go
@@ -651,6 +651,7 @@ func main() {
 adminAPI.POST("/user/disable-passkeys", adminHandler.RemovePasskeys)
 adminAPI.POST("/user/update-email-mfa", adminHandler.UpdateEmailMFA)
 adminAPI.POST("/user/add-ott", adminHandler.AddOtt)
+ adminAPI.POST("/user/terminate-session", adminHandler.TerminateSession)
 adminAPI.POST("/user/close-family", adminHandler.CloseFamily)
 adminAPI.PUT("/user/change-email", adminHandler.ChangeEmail)
 adminAPI.DELETE("/user/delete", adminHandler.DeleteUser)
diff --git a/server/ente/admin.go b/server/ente/admin.go
index 6221ea8dc1..183675c19d 100644
--- a/server/ente/admin.go
+++ b/server/ente/admin.go
@@ -31,6 +31,11 @@ type AdminOttReq struct {
 ExpiryTime int64 `json:"expiryTime" binding:"required"`
 }
 
+type LogoutSessionReq struct {
+ Token string `json:"token" binding:"required"`
+ UserID int64 `json:"userID" binding:"required"`
+}
+
 func (a AdminOttReq) Validate() error {
 if !a.App.IsValid() {
 return errors.New("invalid app")
diff --git a/server/pkg/api/admin.go b/server/pkg/api/admin.go
index 4775bced63..a2e1b18165 100644
--- a/server/pkg/api/admin.go
+++ b/server/pkg/api/admin.go
@@ -343,6 +343,22 @@ func (h *AdminHandler) AddOtt(c *gin.Context) {
 c.JSON(http.StatusOK, gin.H{})
 }
 
+func (h *AdminHandler) TerminateSession(c *gin.Context) {
+ var request ente.LogoutSessionReq
+ if err := c.ShouldBindJSON(&request); err != nil {
+ handler.Error(c, stacktrace.Propagate(ente.ErrBadRequest, "Bad request"))
+ return
+ }
+ go h.DiscordController.NotifyAdminAction(
+ fmt.Sprintf("Admin (%d) terminating session for user %d", auth.GetUserID(c.Request.Header), request.UserID))
+ err := h.UserController.TerminateSession(request.UserID, request.Token)
+ if err != nil {
+ handler.Error(c, stacktrace.Propagate(err, ""))
+ return
+ }
+ c.JSON(http.StatusOK, gin.H{})
+}
+
 func (h *AdminHandler) UpdateFeatureFlag(c *gin.Context) {
 var request ente.AdminUpdateKeyValueRequest
 if err := c.ShouldBindJSON(&request); err != nil {
diff --git a/server/pkg/middleware/request_logger.go b/server/pkg/middleware/request_logger.go
index 15dfbdf554..3de3c6e546 100644
--- a/server/pkg/middleware/request_logger.go
+++ b/server/pkg/middleware/request_logger.go
@@ -41,6 +41,9 @@ func shouldSkipBodyLog(method string, path string) bool {
 if path == "/files/data" && method == "PUT" {
 return true
 }
+ if path == "/admin/user/terminate-session" {
+ return true
+ }
 return false
 }
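Review bot: In TerminateSession (server/pkg/api/admin.go) the admin notice is dispatched before `h.UserController.TerminateSession` runs and says only "terminating", so a call that fails leaves the same audit trail as one that succeeded. Either send the notice after the `err != nil` check, or add a second notice on the failure path so the outcome is recorded. The hunk does not show whether the controller checks that `request.Token` belongs to `request.UserID`; if it deletes by token alone, the user ID in the notice is unverified admin input, so that is worth confirming. A doc comment such as `// TerminateSession revokes one session of the given user; the request carries that user's session token and must never be logged.` would also record why this route is excluded from body logging.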
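Review bot: The new branch in shouldSkipBodyLog (server/pkg/middleware/request_logger.go) repeats the full route as a string literal, `/admin/user/terminate-session`, while main.go registers it as `/user/terminate-session` on adminAPI (presumably under an `/admin` group). If the route or the group prefix is renamed, this check stops matching without any error and request bodies carrying session tokens would be logged again. Please add a comment on the branch, e.g. `// body carries a user session token; keep it out of request logs`, and consider a test that asserts the skip for this path. The function's earlier branches lie outside the hunk, so whether other token-bearing admin routes are covered cannot be seen here.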