Thx for your response. I’m sorry, we’re talking about different things. It’s not a question of remaining authenticated.
I’m referring to the “allowRememberBrowser” property as part of MFA. So that the user doesn’t have to provide a 2nd factor every single time.
This appears to use some sort of digital signature that Auth0 maintains.
Recently, I had someone login who had logged in 2 weeks ago. At that time, they did a 2nd factor. Then two weeks later, same machine, same browser, they had to do it again. I looked at the data for each login, and while I don’t know the specifics of Auth0’s implementation for remembering the browser for MFA, the only data I saw that could be the reason to invalidate the remember browser, was the person’s version of Chrome went from v77 to v78.