ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

clear 2FA cache on logout

  • 2 (ردّان اثنان)
  • 1 has this problem
  • 3 views
  • آخر ردّ كتبه mnlpn

more options

Using 2FA Auth as website login. How would you clear cache when user logs out. the logout:logout@mywebsite is not a good solution,

   as myname@mywebsite will let me back in again.

Thanks

الحل المُختار

Hi mnlpn, are you looking at this as the website user or the website developer?

User Perspective

Generally speaking, after your second factor is authenticated, the site will set a cookie with some kind of token in it. When Firefox requests pages from the site, it sends the site the cookies it has set and the site considers whether you should have access. If you want to force a new MFA/2FA, you can clear the site's cookies when you are done using it. Here's how:

While viewing a page on the site, click the lock icon at the left end of the address bar. After a moment, a "Clear Cookies and Site Data" button should appear at the bottom. Go ahead and click that.

In the dialog that opens, you will see one or more matches to the current address so you can remove the site's cookies individually without affecting other sites.

Developer Perspective

I haven't done this myself, but I imagine you could modify your code that validates the MFA/2FA cookie so that token can only be used if it was issued during the same session. Maybe? Generally speaking, we suggest other sites for developer support: Where to go for developer support.

Read this answer in context 👍 0

All Replies (2)

more options

الحل المُختار

Hi mnlpn, are you looking at this as the website user or the website developer?

User Perspective

Generally speaking, after your second factor is authenticated, the site will set a cookie with some kind of token in it. When Firefox requests pages from the site, it sends the site the cookies it has set and the site considers whether you should have access. If you want to force a new MFA/2FA, you can clear the site's cookies when you are done using it. Here's how:

While viewing a page on the site, click the lock icon at the left end of the address bar. After a moment, a "Clear Cookies and Site Data" button should appear at the bottom. Go ahead and click that.

In the dialog that opens, you will see one or more matches to the current address so you can remove the site's cookies individually without affecting other sites.

Developer Perspective

I haven't done this myself, but I imagine you could modify your code that validates the MFA/2FA cookie so that token can only be used if it was issued during the same session. Maybe? Generally speaking, we suggest other sites for developer support: Where to go for developer support.

more options

will take it to developer support. Thx.