Jump to content
snobjorn

Tfa module not remembering me

Recommended Posts

I have ProcessWire 3.0.165 installed, TfaTotp 0.0.4 and TfaEmail 0.0.2. And I have the problem that the system is not remembering the login. It keeps asking for both login and tfa code at every restart of my browser. Also other users of my website is reporting the same.

I am at a loss where to begin debugging this issue. I have tried multiple browsers. Also deactivating all options in ProcessLogin for Do not allow user to skip code entry when any of these properties change does not help. The settings are for remember me for 90 days.

Any one had the same experience?

Share this post


Link to post
Share on other sites

Moderator note: this is not a module support thread, so I'm moving it to the General Support area of the forum instead. Please keep in mind that the Modules/Plugins area is only intended for module-specific support threads. Thanks!

 
 

Share this post


Link to post
Share on other sites

I think I have a relevant clue on how to solve this. It seems that the authenticate code is remembered on my "www.domain.com" page. But the problem I posted on, was on "subdomain.domain.com". So I think it is because of the subdomain. I have not yet found a way to check this out and test my theory.

Share this post


Link to post
Share on other sites

Could there be some issues with cookies or sessions? Or settings that one would have to set for a subdomain login to work properly, so that the 2FA code is remembered after a browser restart?

Share this post


Link to post
Share on other sites

I think I got a step closer. I have a few lines of code in a ready.php file to redirect the user to the front end after login. When I removed these lines, the browser login session at my ProcessWire page remembered me the next time, and did not ask for the two factor authentication code. There are the lines of code. I'm not sure about the first part being relevant, but they are part of ready.php anyway.

$wire->addHookAfter('InputfieldPage::getSelectablePages', function($event) {
  if($event->object->name == 'avdeling') {
    $event->return = $event->pages->get("id=$event->user")->editor_unit;
  }
});

$this->addHookAfter('Session::loginSuccess', null, function($event) {
    if($this->wire('user')) $this->wire('session')->redirect("/");
});

Does anyone know why these lines of code would make the login ask for the TFA code every time?

Share this post


Link to post
Share on other sites

I found a solution.

At least the solution still works after some testing: Logging in, typing tfa, logging out, closing browser.

The solution was to hook the redirect after ProcessLogin::afterLogin

$this->addHookAfter('ProcessLogin::afterLogin', null, function($event) {
    if($this->wire('user')) $this->wire('session')->redirect("/");
});

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...