Avatar for Username

Cerca nel supporto

Attenzione alle mail truffa. Mozilla non chiederà mai di chiamare o mandare messaggi a un numero di telefono o di inviare dati personali. Segnalare qualsiasi attività sospetta utilizzando l'opzione “Segnala abuso”.

Learn More

Questa discussione è archiviata. Inserire una nuova richiesta se occorre aiuto.

clear 2FA cache on logout

  • 2 risposte
  • 1 ha questo problema
  • 49 visualizzazioni
  • Ultima risposta di mnlpn

mnlpn
mnlpn
more options

Using 2FA Auth as website login. How would you clear cache when user logs out. the logout:logout@mywebsite is not a good solution, 

   as myname@mywebsite will let me back in again.

Thanks

Using 2FA Auth as website login. How would you clear cache when user logs out. the logout:logout@mywebsite is not a good solution, as myname@mywebsite will let me back in again. Thanks

Soluzione scelta

Hi mnlpn, are you looking at this as the website user or the website developer?

User Perspective

Generally speaking, after your second factor is authenticated, the site will set a cookie with some kind of token in it. When Firefox requests pages from the site, it sends the site the cookies it has set and the site considers whether you should have access. If you want to force a new MFA/2FA, you can clear the site's cookies when you are done using it. Here's how:

While viewing a page on the site, click the lock icon at the left end of the address bar. After a moment, a "Clear Cookies and Site Data" button should appear at the bottom. Go ahead and click that.

In the dialog that opens, you will see one or more matches to the current address so you can remove the site's cookies individually without affecting other sites.

Developer Perspective

I haven't done this myself, but I imagine you could modify your code that validates the MFA/2FA cookie so that token can only be used if it was issued during the same session. Maybe? Generally speaking, we suggest other sites for developer support: Where to go for developer support.

Leggere questa risposta nel contesto 👍 0

Tutte le risposte (2)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Soluzione scelta

Hi mnlpn, are you looking at this as the website user or the website developer?

User Perspective

Generally speaking, after your second factor is authenticated, the site will set a cookie with some kind of token in it. When Firefox requests pages from the site, it sends the site the cookies it has set and the site considers whether you should have access. If you want to force a new MFA/2FA, you can clear the site's cookies when you are done using it. Here's how:

While viewing a page on the site, click the lock icon at the left end of the address bar. After a moment, a "Clear Cookies and Site Data" button should appear at the bottom. Go ahead and click that.

In the dialog that opens, you will see one or more matches to the current address so you can remove the site's cookies individually without affecting other sites.

Developer Perspective

I haven't done this myself, but I imagine you could modify your code that validates the MFA/2FA cookie so that token can only be used if it was issued during the same session. Maybe? Generally speaking, we suggest other sites for developer support: Where to go for developer support.

mnlpn
mnlpn Utente che ha posto la domanda
more options

will take it to developer support. Thx.