Login via Passkey sets remember but not tfa_trust cookie

Kirby

Well-known member
Affected version
2.3.7
When logging in with a Passkey, XenForo automatically sets cookie _user so the user stays "logged in" but it does not set cookie tfa_trust so for the next session a TFA verification is required - which can be performed with the same Passkey that was used to initially log in.

IMHO this doesn't make much sense and probably annoys & confuses users.

XenForo should either
  1. Always set user and tfa_trust cookies when logging in via Passkey
    Preferred
  2. Never set remember cookie when logging in via Passkey
  3. Only set remember cookie when logging in via Passkey if the checkbox is ticked and also set tfa_trust if this is the case
  4. Ask the user whether they want to trust the device when logging in via Passkey just like it would be done if login was performed via password
 