Add an option for an administrator to clear all users' sessions and tokens


    • Type: Suggestion
    • Resolution: Unresolved
    • Component/s: Server administration

      In case of any security incident, an administrator should be able to invalidate all users' sessions. This applies to both active Jetty server sessions (FESESSIONID) as well as any 'remember me' tokens stored in cookies.

      Currently the only option is to run a `delete from cru_login_cookie` SQL command (to remove 'remember me' tokens) and to restart the server (to clear Jetty sessions).

      There shall be an option in the admin panel to clear those without restarting the server.

      References:

      https://confluence.atlassian.com/kb/how-to-force-all-users-of-atlassian-on-prem-products-to-re-authenticate-their-sessions-on-the-browser-1141985219.html

       

            Assignee:
            Unassigned
            Reporter:
            Marek Parfianowicz
            Votes:
            1
            Watchers:
            2

              Created:
              Updated: