iaresee
Active member
The guy who pays for my forum has issues with 2FA that have me scratching my head.
He's accessing the site from three separate computers. Two are kind of close to each other, physically, but at different locations. So they're on different subnets and come at the forum from different IPs. The third computer is physical distant from the other two and also on a different sub-net and accesses the forum from a different, public IP.
On all three computers he's using
Over a two week period he'll access the forum from all three computers.
Here's the weird part.
If he moves between the two, physical close machines he's not prompted to re-enter his 2FA code in that 14 day period. If he uses the physical distant machine he's asked to enter his 2FA code and, upon returning to one of the physical near machines he's also required to re-enter his 2FA code.
The elapsed time between these accesses is far less than 30 days.
I'm scratching my head here. I'd be surprised if the 2FA was expired because of some geo-IP trigger like this. That seems overly advanced. But maybe it is?
Is there a way to tell why the trust is expired?
He's going to send along the xf_tfa_trust cookie contents but I'm starting this thread in case there's something obvious going on that I'm just missing.
He's accessing the site from three separate computers. Two are kind of close to each other, physically, but at different locations. So they're on different subnets and come at the forum from different IPs. The third computer is physical distant from the other two and also on a different sub-net and accesses the forum from a different, public IP.
On all three computers he's using
Stay logged in
and Trust this device for 30 days
when supplying his password and 2FA code.Over a two week period he'll access the forum from all three computers.
Here's the weird part.
If he moves between the two, physical close machines he's not prompted to re-enter his 2FA code in that 14 day period. If he uses the physical distant machine he's asked to enter his 2FA code and, upon returning to one of the physical near machines he's also required to re-enter his 2FA code.
The elapsed time between these accesses is far less than 30 days.
I'm scratching my head here. I'd be surprised if the 2FA was expired because of some geo-IP trigger like this. That seems overly advanced. But maybe it is?
Is there a way to tell why the trust is expired?
He's going to send along the xf_tfa_trust cookie contents but I'm starting this thread in case there's something obvious going on that I'm just missing.