Critical issue

  • The plugin sets a cookie for anonymous users. Causing Cloudflare edge cache to listen to this header and cause cache hit ratio issues.

    This cookie should not be set on non logged in users? And should not be set on any other page than login. This needs a fix asap as I could need to disable the plugin.

    set-cookie: twofas_session_id=UyQyU0NsVUl0ZnNYSjp8Iw%3D%3D; expires=Mon, 30-Mar-2020 13:13:20 GMT; Max-Age=3600; path=/; HttpOnly
3:21 pm

    Would appreciate if I could receive an answer as soon as possible.

    Why is this cookie on all pages?
    Why is cookie set on users even if not logged in or successful login?
    This cookie cause issue and modify the cache-control headers.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author 2FAS

    (@2fas)

    Thank you for letting know us about this issue, you are absolutely right that this cookie should be set only on login process but it doesn’t cause security problems in the plugin.
    We’ll see what happened and fix it in next release as soon as possible.

    Thread Starter Rookie

    (@alriksson)

    Correct but it causes other issues as well as described above. Appreciate the fast response and hope to see a fix and a release as soon as possible.

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Critical issue’ is closed to new replies.