<@U04UQ68083H> I'm working with Ory Kratos and I'm...
# ory-copilot
f
@chilly-king-10285 I'm working with Ory Kratos and I'm setting an identity as inactive through the admin api. Will this invalidate all of the sessions that identity has, or should I also call the deleteIdentitySessions as a secondary step?
c
A message from kapa.ai
Setting an identity as inactive through the admin API in Ory Kratos does not automatically invalidate all of the sessions that identity has. You should call the `deleteIdentitySessions` endpoint as a secondary step to irrecoverably and permanently delete and invalidate all sessions that belong to the given Identity. Here is the endpoint you should call:
```
DELETE /admin/identities/{id}/sessions
```
This endpoint requires the identity's ID as a parameter. Here is an example of how you can do this in Go:
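```go
package session

import (
	"context"
	"fmt"
	"os"

	client "github.com/ory/client-go"
)

// ory is the shared Ory API client, configured once in init().
var ory *client.APIClient

func init() {
	cfg := client.NewConfiguration()
	cfg.Servers = client.ServerConfigurations{
		{URL: fmt.Sprintf("https://%s.projects.oryapis.com", os.Getenv("ORY_PROJECT_SLUG"))},
	}

	ory = client.NewAPIClient(cfg)
}

// ContextWithToken attaches the Ory access token to the request context.
// Reading it from ORY_ACCESS_TOKEN is an assumption that mirrors the TypeScript example.
func ContextWithToken(ctx context.Context) context.Context {
	return context.WithValue(ctx, client.ContextAccessToken, os.Getenv("ORY_ACCESS_TOKEN"))
}

// DisableAndDeleteSessions deletes and invalidates every session of the given identity.
func DisableAndDeleteSessions(ctx context.Context, identityId string) (err error) {
	_, err = ory.IdentityApi.DeleteIdentitySessions(ContextWithToken(ctx), identityId).
		Execute()
	return err
}
```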
And here is how you can do it in TypeScript:
```typescript
import { Configuration, IdentityApi } from "@ory/client"

// Admin client for the Ory project; the access token authorizes admin calls.
const identity = new IdentityApi(
  new Configuration({
    basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
    accessToken: `${process.env.ORY_ACCESS_TOKEN}`,
  }),
)

// Deletes and invalidates all sessions that belong to the given identity.
export async function disableAndDeleteSessions(identityId: string) {
  return await identity.deleteIdentitySessions({
    id: identityId,
  })
}
```
Remember, to perform this operation, you must be authenticated by means of one of the following methods: `oryAccessToken`.

Sources:
- [Kratos API Reference - deleteIdentitySessions](https://www.ory.sh/docs/kratos/reference/api)
- [Revoke and delete sessions of a user](https://www.ory.sh/docs/kratos/session-management/list-revoke-get-sessions#revoke-and-delete-sessions-of-a-user)
- [Delete sessions for a user in Go](https://www.ory.sh/docs/kratos/sdk/go#delete-sessions)
f
@chilly-king-10285 The behavior that I am seeing is that once I set an identity's state to inactive and that user tries to navigate to a new page, they are taken to the login flow screen implying their session is no longer valid. Why is that happening? I haven't called the deleteIdentitySessions endpoint.
c
A message from kapa.ai
The behavior you're observing might be due to how Ory Kratos handles sessions and identity states. While the `deleteIdentitySessions` endpoint explicitly invalidates all sessions for a given identity, setting an identity's state to inactive might also affect the validity of the user's session. However, the provided knowledge sources do not contain specific information about the behavior of sessions when an identity's state is set to inactive. It's possible that Ory Kratos checks the state of the identity during session validation and if the identity is inactive, the session might be considered invalid, leading to the user being redirected to the login flow. For a definitive answer, I would recommend checking the Ory Kratos documentation or reaching out to the Ory community for more specific information about how setting an identity to inactive affects sessions.