XF 2.1 Not remembering two-step verification sessions

I

iGee

Member
Hello,

I have Cloudflare setup with my XenForo forum, with these settings enabled:

AutoMinify: HTML, CSS, Javascript
Rocket Loader: Enabled
Browser Cache TTL: 30 minutes
Security Level: Low
Cache Level: Ignore Query String

When a user logs in, and passes the two-step verification process (and ticks trust for 30 days). If they then log out and back in shortly after, it will prompt for two-step verification again.

Is there anything that could be affecting why XenForo isn't remembering the verification for 30 days?

Thanks for your help,
 
Sort by date Sort by votes
i have rocket loader disabled (a lot of folks here have said that it causes problem with xenforo). i also have cache level set to standard (i believe it is a bad idea to ignore query string on xenforo as xenforo seems to use it to update css and other stuff). rest same. no problems here.
 
Upvote 0 Downvote
OperaManiac said:
i have rocket loader disabled (a lot of folks here have said that it causes problem with xenforo). i also have cache level set to standard (i believe it is a bad idea to ignore query string on xenforo as xenforo seems to use it to update css and other stuff). rest same. no problems here.
Click to expand...

I've just disabled rocket loader and changed my cache setting. But it's still doing it?

Is it because I've logged into one account with two factor enabled, then logged out and logged in with a different account with two factor enabled as well on the same PC? Does it only allow one IP per account for two factor verification? I don't see why that would be a problem though.
 
Upvote 0 Downvote
i am guessing your cookies are completely overwritten when you login with another user on the same browser? to check for ip specific thing, you can always do it on a second browser and see if that could be the reason? this is assuming you are doing it on the same browser!
 
Upvote 0 Downvote
You're correct, it works when I use a different browser. It's weird that it overwrites my cookies. Do you know why this is?

I was using Google Chrome for both accounts, but using Chrome and Safari with the two different accounts work.
 
Upvote 0 Downvote
makes sense. it is going to use same cookie parameters for all logins. so when you login with user2, it would overwrite all the cookies created for user1 including those for 2fa. i assume it does not clean 2fa specific cookies when you simply logout which is why you don't have to do 2fa if you logout and login within the 30 day period.

i am not sure if 2fa settings of user1 would be preserved if user2 is not using 2fa.

----

now that the issue is resolved, you might want to revert the cloudflare settings. assuming rocket loader and ignore query string settings were not causing issues for you!
 
Upvote 0 Downvote
I also have this issue, but I only use one account in this specific Firefox container, so that should work fine. And I have Cloudflare cache for admin.php set to bypass.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

H
  • Solved
XF 2.3 I Can't Cancel Two-Step Verification
2
Replies
22
Views
125
htsumer
H
Q
  • Question Question
XF 2.3 two-step verification
Replies
1
Views
37
Old Nick
O
alexm
  • Question Question
XF 2.2 How do I find the number of users with Two-step verification enabled?
Replies
5
Views
52
alexm
alexm
craigForo
  • Solved
XF 2.3 Two-step verification required
Replies
2
Views
66
craigForo
craigForo
Jkay
  • Question Question
XF 2.2 Users Batch update, Require two-step verification
Replies
4
Views
91
Jkay
Jkay
Back
Top Bottom