Skip to content
Snippets Groups Projects

[societegenerale] keep the MFA from being reset after 10 minutes

Merged Ludovic LANGE requested to merge llange/woob:708-societegenerale-mfa-reset into master
  1. Aug 26, 2024
    • Ludovic LANGE's avatar
      [societegenerale] keep the MFA from being reset after 10 minutes · eb616818
      Ludovic LANGE authored and Frandeboeuf Nicolas's avatar Frandeboeuf Nicolas committed
      To prevent a MFA reset we need to a) set the `TWOFA_DURATION` constant (to 90 days)
      so that the state is not automatically reset at `STATE_DURATION` minutes ; and b)
      prevent the important cookie from being flushed at the start of a session.
      
      Trials and errors determined a cookie whose name starts with `NAVID-` to be
      responsible for keeping the MFA session.
      
      Cf #708
      eb616818
Loading