onli

Two thoughts: 1. `alg`-selection is or was one of the big attack vectors for JWTs, https://www.chosenplaintext.ca/2015/03/31/jwt-algorithm-confusion.html as an example. A sound alg selection and not accepting unknown parameters should be...

It is the installer that marks the subdirectories as locked? I'm not aware of s9y installations with IIS, and also am unable to test such a setup. S9y actually relies...

Okay. We can leave the issue open, but will need help to fix this. I for example simply don't have a Windows system available anymore.

Hi @Ressy66, thanks for the suggestions! This is about serendipity_plugin_pollbox? My suggestion would be to change the cookie from a session cookie to a longer lasting one, and maybe also...

Hi @stevleibelt, yes :) If this works with the email code it should be quite possible to switch the flow to TOTP instead. The setup then would be the issue...