This is usually caused by either cookie settings, session settings (like userSessionDuration or session.cookie_lifetime) or the session store like in #64
There is just to much options to figure this out without debugging on your environment.
for me it was the problem that I had the debug-toolbar enabled for my account and that prevented me from logging in with 2FA. So I disabled 2FA, turned off my debug-toolbar and re-enabled 2FA...
Craft 3.9.1 Two-Factor 2.11.1 PHP 7.4.3
Front-end login-verify.twig is failing CSRF validation. When I debug yii2/web/Request validateCsrfTokenInternal I see the following:
`clientSuppliedToken = UglEXeYcWM7KEkoWANNe9E_QCY5iefnZee8HnV20gzHqfUd_g0aOY6FNDjL-gscsBOTZt03c9RuL9S5lu-yCEaQn5Pl3Ua1blyhjDvtTNDTP8hIFf4wrBldoEK5KjJLJ63BGvin3iZ25xBKuoTqBM0zn2Y83HUz0wL6SaqsVSIG9szFqox_Hu64nlrjEgWGeajDeAEwqDJ9YDr2TUS1UQrc8oCCfcNsYAcqqFdh0yhSAx2KgDnNN1xntEd0sO1DJ4fccPILt0nXtkX27lh0E2N3nIsBEhcFHaZ1p9h9aNs1nAlCqk3RmHeoYNjYLIJt66ab7jkR-2xvGvarbllfA8EPFZT--muh1XyiWlNHdE_5vMLLO3wYZ9Fbz__1t5Yz21T79GEzv
trueToken = 40q09y63Al7SXpfP8IsguFCZxStnxOz5U7mT8dHKnJVnFnDcIv_DXbEP2qZX81Qtix3wjbLvQuw_1rx-Hbzfij-O4KaY_tjGLWVE7nagoC8=`
Backend 2FA is working fine. All other front-end forms are working with csrf.
Front-end login-verify.twig is
`
I suspected the same failed on CSRF check during backend login, received error 400 on authen the 2FA. I disabled the plugin it works alright.
Craft 4.5.3 Solo Two-Factor 3.3.1 PHP 8.0.30 nginx/1.22.1
Can confirm the CRSF validation is failing for the back-end as well. Users can't log-in
This is usually caused by either cookie settings, session settings (like
userSessionDuration
orsession.cookie_lifetime
) or the session store like in #64 There is just to much options to figure this out without debugging on your environment.Probably the same as #83 and #76
for me it was the problem that I had the debug-toolbar enabled for my account and that prevented me from logging in with 2FA. So I disabled 2FA, turned off my debug-toolbar and re-enabled 2FA...
hope it helps someone...