Hmm, yeah that’s definitely a good way to avoid it. The problem is when they get logged out due to inactivity, I do want them to have to redo MFA. Essentially I want the session to be valid for renewAuth calls but force relogging in fully if they timeout without renewing.
2 Likes