- Implement new `/sessionMgr/remove` endpoint for superusers to remove sessions
- Refactor session and token management to use sessionTokenMap for better tracking
- Update session cleanup logic to handle both tokens and sessions
- Add documentation for new API endpoint in docs/api.md
- Modify logout handler to use new session removal approach
- Move token-related functions from auth.go to new session.go
- Add session tracking with expiration and cleanup
- Implement session list API endpoint
- Update login/logout handlers to use session system
- Add hourly cleanup of expired tokens and sessions
