SpigotVIP is ON SALE for $9.99 ➤ Unlock access to thousands of premium resources ➤ CLICK HERE TO UPGRADE YOUR ACCOUNT

We've got tons of Mc-Models ➤ Unlock a growing section of 650+ models ➤ CLICK HERE TO BUY OUR NEW UPGRADE FOR $15.99

Invalidate Session on 2FA Activation/Change

Thread starter Steffen
Start date Apr 21, 2024

Steffen

Guest

Member

Apr 21, 2024

It seems like it's best-practise to invalidate other sessions on 2FA activation/change ([1], [2]). At the moment, XenForo seems to invalidate other sessions on password change but not on 2FA activation/change.

The scenario goes like this:

Log in to the same account with two different browsers
Enable 2FA in one of the logged-in sessions
Observe that the other browser's session remains active

This has been reported to us via email (with the unfortunately common...

Read more

Continue reading...

You must log in or register to reply here.

@ Stacksyz: Hi how is everyone??? Hello, Im good how are you? 15 minutes ago

Chat 72

Top

Invalidate Session on 2FA Activation/Change

Steffen

Guest

Settings Notifications

Options