Hi mnlpn, are you looking at this as the website user or the website developer? ''User Perspective'' Generally speaking, after your second factor is authenticated, the site will set a cookie with some kind of token in it. When Firefox requests pages from the site, it sends the site the cookies it has set and the site considers whether you should have access. If you want to force a new MFA/2FA, you can clear the site's cookies when you are done using it. Here's how: While viewing a page on the site, click the lock icon at the left end of the address bar. After a moment, a "Clear Cookies and Site Data" button should appear at the bottom. Go ahead and click that. In the dialog that opens, you will see one or more matches to the current address so you can remove the site's cookies individually without affecting other sites. ''Developer Perspective'' I haven't done this myself, but I imagine you could modify your code that validates the MFA/2FA cookie so that token can only be used if it was issued during the same session. Maybe? Generally speaking, we suggest other sites for developer support: [[Where to go for developer support]].

will take it to developer support. Thx.