Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Add trusted devices for 2FA #559
This is a first draft of a trusted devices implementation for the Contao 2FA.
My advice would be to store a GUID in a cookie
We should send an email when a new device is flagged as a trusted device. If the user didn't add it, or if he doesn't recognize the device information, he can clear his trusted devices immediately.
A cookie can be set/modified client-side, but the same is for the User-Agent. Why is checking for both cookie and user-agent considered as more secure then?