I realized that clicking ‘Deauthorize all sessions’ in the web vault does not immediately log you out on your mobile device (Android in my case). Using the fingerprint still opens the vault and you can view all passwords. Only as soon as you connect to the server (through sync for example), the session is deauthorized.
I would find it nice if the app immediately tries to connect to the server in any way, e.g via syncing, as soon as one starts the app or at least when unlocking the vault. This would kick you out immediately when all sessions were deauthorized.