Reply to thread

Message

Not reproducible for me.

Steps I've taken
Logged out of xenforo.com in desktop chrome
Cleared all cookies for xenforo.com in desktop chrome
Logged in with my YubiKey 5 in desktop chrome
Unplugged YubiKey from USB but kept desktop chrome session open
Plugged YubiKey into USB on my notebook
Logged into xenforo.com with the YubiKey in notebook chrome
Checked status of desktop chrome session
Result
I was still logged into xenforo.com in desktop chrome

But there is an issue regarding Passkey login:
When logging into an account with Stay logged in ticked using a passkey on a fresh browser XenForo does not set cookie xf_tfa_trust.
So when the session expires or becomes otherwise invalid TFA will be required.

This is not technically "wrong" (passkey login does not ask wether to trust the device) but kinda unexpected.
Passkey login therefor should probably set that cookie if Stay logged in is ticked.

<blockquote data-quote="Kirby" data-source="post: 1679986" data-attributes="member: 1059">Not reproducible for me.Steps I&#039;ve taken<ol>
<li data-xf-list-type="ol">Logged out of xenforo.com in desktop chrome</li>
<li data-xf-list-type="ol">Cleared all cookies for xenforo.com in desktop chrome</li>
<li data-xf-list-type="ol">Logged in with my YubiKey 5 in desktop chrome</li>
<li data-xf-list-type="ol">Unplugged YubiKey from USB but kept desktop chrome session open</li>
<li data-xf-list-type="ol">Plugged YubiKey into USB on my notebook</li>
<li data-xf-list-type="ol">Logged into xenforo.com with the YubiKey in notebook chrome</li>
<li data-xf-list-type="ol">Checked status of desktop chrome session</li>
</ol>ResultI was still logged into xenforo.com in desktop chromeBut there is an issue regarding Passkey login:When logging into an account with Stay logged in ticked using a passkey on a fresh browser XenForo does not set cookie <code class="bbCodeInline">xf_tfa_trust</code>.So when the session expires or becomes otherwise invalid TFA will be required.This is not technically &quot;wrong&quot; (passkey login does not ask wether to trust the device) but kinda unexpected.Passkey login therefor should probably set that cookie if Stay logged in is ticked.</blockquote>

[QUOTE="Kirby, post: 1679986, member: 1059"] Not reproducible for me. Steps I've taken [LIST=1] [*]Logged out of xenforo.com in desktop chrome [*]Cleared all cookies for xenforo.com in desktop chrome [*]Logged in with my YubiKey 5 in desktop chrome [*]Unplugged YubiKey from USB but kept desktop chrome session open [*]Plugged YubiKey into USB on my notebook [*]Logged into xenforo.com with the YubiKey in notebook chrome [*]Checked status of desktop chrome session [/LIST] [B]Result[/B] I was still logged into xenforo.com in desktop chrome But there is an issue regarding Passkey login: When logging into an account with [B]Stay logged in[/B] ticked using a passkey on a fresh browser XenForo does not set cookie [ICODE]xf_tfa_trust[/ICODE]. So when the session expires or becomes otherwise invalid TFA will be required. This is not technically "wrong" (passkey login does not ask wether to trust the device) but kinda unexpected. Passkey login therefor should probably set that cookie if [B]Stay logged in[/B] is ticked. [/QUOTE]

Verification

We value your privacy

We use essential cookies to make this site work, and optional cookies to enhance your experience.

See further information and configure your preferences

Accept all cookies Reject optional cookies
Essential cookies

These cookies are required to enable core functionality such as security, network management, and accessibility. You may not reject these.

Optional cookies

We deliver enhanced functionality for your browsing experience by setting these cookies. If you reject them, enhanced functionality will be unavailable.

Third-party cookies

Cookies set by third parties may be required to power functionality in conjunction with various service providers for security, analytics, performance or advertising purposes.

Detailed cookie usage

Privacy policy

Reply to thread

We value your privacy