Skip to content

[societegenerale] keep the MFA from being reset after 10 minutes

To prevent a MFA reset we need to a) set the TWOFA_DURATION constant (to 90 days) so that the state is not automatically reset at STATE_DURATION minutes ; and b) prevent the important cookie from being flushed at the start of a session.

Trials and errors determined a cookie whose name starts with NAVID- to be responsible for keeping the MFA session.

Cf #708

Note: This MR is based on another MRs !909 (merged), !910 (merged), !911 (merged) which must be merged first, and this one rebased. Thus the "Draft" status.

Edited by Ludovic LANGE

Merge request reports