Maintaining "Remember this Device" support with non-persistent sessions

jbean96 · May 14, 2024, 4:26pm

Feature: Maintaining “Remember this Device” support with non-persistent sessions

Description: It seems feasible that Auth0 should allow the two things to work simultaneously:

“Non-Persistent Sessions” such that when the user closes the browser all cookies except the auth0-mf cookie are invalidated.
“Remember this Device for 30 days” such that even if the user closes the browser and opens our application, they aren’t prompted for MFA again.

Use-case: We want the added security bonus of “Non-Persistent Sessions” while still getting the ease-of-use for users of allowing for the device to be remembered such that users are not challenged for MFA on subsequent logins.

Topic		Replies	Views
MFA Session Cookie (auth0-mf) Knowledge Articles session-cookie , auth0-mf	1	299	June 26, 2024
User Being Challenged with MFA Despite Checking "Remember this device for 30 days" Option Knowledge Articles mfa-policy , remember-device , allow-remember-browser	1	2695	December 7, 2022
Remember Browser Help auth0 , login	5	6314	January 9, 2020
MFA - Is it possible to turn off "Remember Device for 30 days"? Help	3	3579	November 23, 2022
Issue with MFA "Remember this device for 30 days" Option and Silent Auth Failures Help mfa , one-time-password-otp-factor	0	500	March 5, 2024

Maintaining "Remember this Device" support with non-persistent sessions

Related Topics