Open stwalkerster opened 4 years ago
I would love this feature! Love 2FA but would love it more if the interval was like every 7 to 14 days vs every time I login.
@stwalkerster If there's not locally held data and just a cookie, is this a big lift? I'm thinking if they pass the U/P/2FA once, a cookie is probably good?
The issue is that cookies can be copied/stolen/etc. I'd love to know how other sites do this tbh.
Probably to be done by a longer-expiring cookie stored in the browser.
I'm not sure if we want to keep some locally-held data to ensure the cookie is from the same browser, such as a hash of the UA? I know Chrome continually updates, so that might not be feasible without parsing the UA to find less-changable bits, which also might harm the utility of the check. Perhaps we can do some crypto thing with something in local storage?
It will also need to support multiple browsers, which will be fun...