XF 2.1 Not remembering two-step verification sessions

I

iGee

Member
Hello,

I have Cloudflare setup with my XenForo forum, with these settings enabled:

AutoMinify: HTML, CSS, Javascript
Rocket Loader: Enabled
Browser Cache TTL: 30 minutes
Security Level: Low
Cache Level: Ignore Query String

When a user logs in, and passes the two-step verification process (and ticks trust for 30 days). If they then log out and back in shortly after, it will prompt for two-step verification again.

Is there anything that could be affecting why XenForo isn't remembering the verification for 30 days?

Thanks for your help,
 
Sort by date Sort by votes
i have rocket loader disabled (a lot of folks here have said that it causes problem with xenforo). i also have cache level set to standard (i believe it is a bad idea to ignore query string on xenforo as xenforo seems to use it to update css and other stuff). rest same. no problems here.
 
Upvote 0 Downvote
OperaManiac said:
i have rocket loader disabled (a lot of folks here have said that it causes problem with xenforo). i also have cache level set to standard (i believe it is a bad idea to ignore query string on xenforo as xenforo seems to use it to update css and other stuff). rest same. no problems here.
Click to expand...

I've just disabled rocket loader and changed my cache setting. But it's still doing it?

Is it because I've logged into one account with two factor enabled, then logged out and logged in with a different account with two factor enabled as well on the same PC? Does it only allow one IP per account for two factor verification? I don't see why that would be a problem though.
 
Upvote 0 Downvote
i am guessing your cookies are completely overwritten when you login with another user on the same browser? to check for ip specific thing, you can always do it on a second browser and see if that could be the reason? this is assuming you are doing it on the same browser!
 
Upvote 0 Downvote
You're correct, it works when I use a different browser. It's weird that it overwrites my cookies. Do you know why this is?

I was using Google Chrome for both accounts, but using Chrome and Safari with the two different accounts work.
 
Upvote 0 Downvote
makes sense. it is going to use same cookie parameters for all logins. so when you login with user2, it would overwrite all the cookies created for user1 including those for 2fa. i assume it does not clean 2fa specific cookies when you simply logout which is why you don't have to do 2fa if you logout and login within the 30 day period.

i am not sure if 2fa settings of user1 would be preserved if user2 is not using 2fa.

----

now that the issue is resolved, you might want to revert the cloudflare settings. assuming rocket loader and ignore query string settings were not causing issues for you!
 
Upvote 0 Downvote
I also have this issue, but I only use one account in this specific Firefox container, so that should work fine. And I have Cloudflare cache for admin.php set to bypass.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

F
  • Question Question
XF 2.2 two-step verification is being forced
Replies
0
Views
669
Forum-owner
F
digitalpoint
Cloudflare optimizations for XenForo
7 8 9
Replies
175
Views
17K
digitalpoint
digitalpoint
Fullmental
  • Question Question
XF 2.2 How to require two-step authentication on every access of ACP?
Replies
2
Views
957
Fullmental
Fullmental
Catsmother
  • Question Question
XF 2.1 Two Step Verification
Replies
5
Views
964
Paul B
Paul B
Wildcat Media
  • Question Question
XF 1.5 Two-step verification--how is the 30 day expiration saved?
Replies
0
Views
638
Wildcat Media
Wildcat Media
Top Bottom