Admin panel 2FA settings not respected after upgrade to v70

I am able to log in to the admin panel without being prompted for 2FA. I disabled it, and re-enabled it, and no change. I am using Bitwarden, but I don’t think that matters here.

Has anyone else encountered this? Everything else seems to be working fine.

Did you clear cache and cookies and ensure that your browser isn’t caching your two FA??


:man_facepalming:

Didn’t know caching 2FA was a thing. Thanks.

OTP codes shouldn’t be cached anywhere. If it doesn’t ask for a code, it probably means 2FA isn’t on and working.

2FA is working for me, but I would appreciate it if you, @tyler, could continue to investigate in case there is a bug.

If you log into the admin portal, upgrade MIAB to the new version, and then go back to the admin panel, I’ve had it not ask for 2FA again. Several hours later, try hitting the admin site and it’s back to asking for a code. Not sure, maybe caching isn’t the right “word” here, but it certainly feels like a cached token.

I quickly ran some tests on my end. This was using Safari on a Mac. Maybe another OS or browser might impact the behavior.

  1. I log on to the admin page > I am prompted to enter my 2FA code.
  2. I log out from the admin page.
  3. I log on again to the admin page > I am prompted to enter my 2FA code.
  4. I close Safari and log on > I am prompted to enter my 2FA code.
  5. I close the tab and open a new one > I am not prompted to enter my 2FA code.
  6. I close the tab and wait 30m before reopening the admin page > I am prompted to enter my 2FA code.

This would indicate that the session remains in cache as long as the browser is not closed. The session expires anywhere between 5m and 30m.

I would not expect 2FA to ever be cached, yet that does seem like the behavior that’s happening.

I will see if I can find the cache headers on the 2FA HTML assets.
