diff --git a/src/views/profile.html b/src/views/profile.html
index efe4d906e..da8d5ac54 100644
--- a/src/views/profile.html
+++ b/src/views/profile.html
@@ -245,7 +245,7 @@
   </div>
 
   <div class="text-left" ng-show="user.admin">
-    <h3>Sessions</h3>
+    <h3>Sessions and API Tokens</h3>
   </div>
 
   <div class="card" ng-show="user.admin">
diff --git a/src/views/profile.js b/src/views/profile.js
index d55d1a0ff..52ac20c9d 100644
--- a/src/views/profile.js
+++ b/src/views/profile.js
@@ -305,13 +305,11 @@ angular.module('Application').controller('ProfileController', ['$scope', '$locat
     }
 
     $scope.revokeTokens = function () {
-        asyncForEach($scope.activeClients, revokeTokensByClient, function () {
-
-            // now kill this session if exists
-            if (!$scope.webadminClient || !$scope.webadminClient.id) return;
-
-            revokeTokensByClient($scope.webadminClient, function () {
-                // we should be logged out by now
+        // first revoke all non webadmin tokens
+        asyncForEach($scope.activeClients.filter(function (c) { return c.id !== 'cid-webadmin'; }), revokeTokensByClient, function () {
+            // WARNING keep in sync with clients.js in box code
+            revokeTokensByClient('cid-webadmin', function () {
+                Client.logout(); // this destroys the OAuth session
             });
         });
     };