https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32369
Marcel de Rooy <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Status|NEW |RESOLVED --- Comment #3 from Marcel de Rooy <[email protected]> --- No, this is not a bug. This is design :) It always worked that way already. If you log in via the OPAC, you have a session (+cookie) that allows you access to staff too [when having sufficient permissions] when sharing the same domain between OPAC and staff. So, 2FA works here as expected. If you do not want that to happen, it is indeed a matter of configuration. Make sure that OPAC and staff are not using the same domain. They wont share the cookie, problem solved. Thats not the final word imo though. We already have reports asking for e.g. separate timeout settings for OPAC and staff/intranet sessions. We should imo create a separate OPAC and staff session and session cookie. This probably wont happen before refactoring/rewriting C4::Auth? I couldnt find a report for separating the session so quickly, so I opened a new one. But I think that it must have been submitted already in the past, only with some other terms or so.. Bug 32385. Closing this one. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
