two_factor_authentication icon indicating copy to clipboard operation
two_factor_authentication copied to clipboard

Published 20 hours ago verified publisher icon Houdini

Added check for cookie expiration at DB level

Open inglemr opened this issue 7 years ago • 0 comments

This change prevents the user from being able to bypass 2FA by changing the expiration of the cookie manually by adding a timestamp for cookie expiration.

One potential issue is if the configuration option for cookie expiration is changed it won't take effect until the next time 2FA is requested for that specific user.

inglemr avatar Apr 05 '17 04:04 inglemr