diff --git a/control-plane/internal/api/sessions.go b/control-plane/internal/api/sessions.go
index 441e75a..6a80e7f 100644
--- a/control-plane/internal/api/sessions.go
+++ b/control-plane/internal/api/sessions.go
@@ -43,3 +43,25 @@ func (s *Sessions) Valid(tok string) bool {
 	}
 	return time.Now().Before(sess.expires)
 }
+
+// User returns the username for a valid token, or "" if the token is
+// unknown or expired.
+func (s *Sessions) User(tok string) (string, bool) {
+	s.mu.RLock()
+	sess, ok := s.store[tok]
+	s.mu.RUnlock()
+	if !ok {
+		return "", false
+	}
+	if !time.Now().Before(sess.expires) {
+		return "", false
+	}
+	return sess.user, true
+}
+
+// Revoke drops a session. Used by /api/logout.
+func (s *Sessions) Revoke(tok string) {
+	s.mu.Lock()
+	delete(s.store, tok)
+	s.mu.Unlock()
+}