Maintaining "Remember this Device" support with non-persistent sessions

Feature: Maintaining “Remember this Device” support with non-persistent sessions

Description: It seems feasible that Auth0 should allow the two things to work simultaneously:

  1. “Non-Persistent Sessions” such that when the user closes the browser all cookies except the auth0-mf cookie are invalidated.
  2. “Remember this Device for 30 days” such that even if the user closes the browser and opens our application, they aren’t prompted for MFA again.

Use-case: We want the added security bonus of “Non-Persistent Sessions” while still getting the ease of use for users of allowing the device to be remembered, such that users are not challenged for MFA on subsequent logins.