Always require token when user has an old cookie

twilio / authy-devise

Authy Devise plugin to add Two-Factor Authentication

MIT License

200 stars 84 forks source link

Always require token when user has an old cookie #72

Closed senekis closed 7 years ago

senekis commented 7 years ago

For security purpose because the old cookie wasn't account specific. See #58

senekis commented 7 years ago

Thanks @Gasparila and @MikeRogers0, I merged your PRs.

I did a little change when user has an old cookie with the remember device option. I hope tomorrow or this week I'm going to release a new gem version.