diff --git a/services/web/scripts/purge_non_logged_in_sessions.js b/services/web/scripts/purge_non_logged_in_sessions.js
new file mode 100644
index 0000000000..5a3e8103c5
--- /dev/null
+++ b/services/web/scripts/purge_non_logged_in_sessions.js
@@ -0,0 +1,60 @@
+const RedisWrapper = require('@overleaf/redis-wrapper')
+const Settings = require('@overleaf/settings')
+const SessionManager = require('../app/src/Features/Authentication/SessionManager')
+const async = require('async')
+const _ = require('lodash')
+
+const redis = RedisWrapper.createClient(Settings.redis.web)
+
+let totalDeletedSessions = 0
+
+const queue = async.queue(function (sessKey, callback) {
+  const cb = _.once(callback)
+  redis.get(sessKey, (_err, session) => {
+    try {
+      if (SessionManager.isUserLoggedIn(JSON.parse(session))) {
+        cb()
+      } else {
+        redis.del(sessKey, () => {
+          totalDeletedSessions++
+          cb()
+        })
+      }
+    } catch (err) {
+      console.log(`${sessKey} couldn't parse`)
+      cb()
+    }
+  })
+}, 10)
+
+function scanAndPurge(cb) {
+  const stream = redis.scanStream({
+    match: 'sess:*',
+    count: 100,
+  })
+  console.log('starting scan')
+
+  stream.on('data', resultKeys => {
+    console.log(`Keys found, count:${resultKeys.length}`)
+    console.log(`Keys deleted so far: ${totalDeletedSessions}`)
+    queue.push(resultKeys)
+  })
+
+  stream.on('end', () => {
+    queue.drain = () => {
+      console.log(
+        `All sessions have been checked, ${totalDeletedSessions} deleted`
+      )
+      cb()
+    }
+  })
+
+  stream.on('error', err => {
+    console.log(err)
+  })
+}
+
+scanAndPurge(err => {
+  console.error(err)
+  process.exit()
+})