Try to use browser storage instead of fingerprint in StayConnected (#2881)
Design:
- registration:
  - server sends a proposed TOTP secret
  - if the browser has local storage, it stores the key and uses it to generate a TOTP
  - else it downloads fingerprint2.js and does as before
  - if the server gets a valid TOTP, it stores the TOTP secret in the permanent session, else it does as before
- authentication:
  - when the cookie exists, the server sends the same HTML/JS as for registration
  - if the browser has the TOTP secret in its storage, it uses it
  - else it downloads fingerprint2.js and does as before
  - if the server gets a valid TOTP or a valid fingerprint (if no secret was stored) => OK
Edited by Yadd
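
A sketch of the flow in the design above, added as an illustration and not taken from the project's code. It runs under Node.js, with `storage` standing in for `window.localStorage` and `fingerprint` for the fingerprint2.js result. All function names, the `stayConnectedKey` storage key, the hex secret encoding, the TOTP parameters (HMAC-SHA1, 30 s step, 6 digits) and the one-step drift window are assumptions.

```javascript
// Added example; all names are hypothetical, not the project's code.
const { createHmac, timingSafeEqual } = require("node:crypto");

// RFC 6238 TOTP. Assumed parameters: HMAC-SHA1, 30 s step, 6 digits.
function totp(secret, nowMs, step = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(nowMs / 1000 / step)));
  const mac = createHmac("sha1", secret).update(counter).digest();
  const off = mac[mac.length - 1] & 0x0f; // dynamic truncation (RFC 4226)
  const code = (mac.readUInt32BE(off) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, "0");
}

function safeEqual(a, b) { // constant-time string comparison
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && timingSafeEqual(x, y);
}

// Assumption: the server tolerates one step of clock drift either way.
function verifyTotp(secretHex, code, nowMs) {
  const secret = Buffer.from(secretHex, "hex");
  return [-1, 0, 1].some((d) => safeEqual(code, totp(secret, nowMs + d * 30000)));
}

// Browser side: store a proposed secret if storage exists, else fall back.
function clientProof(storage, proposedSecret, nowMs, fingerprint) {
  if (storage) {
    if (proposedSecret) storage.setItem("stayConnectedKey", proposedSecret);
    const secret = storage.getItem("stayConnectedKey");
    if (secret) return { totp: totp(Buffer.from(secret, "hex"), nowMs) };
  }
  return { fingerprint }; // legacy path
}

// Server side. `session` stands in for the persistent session record.
function register(session, proposedSecret, proof, nowMs) {
  if (proof.totp && verifyTotp(proposedSecret, proof.totp, nowMs)) session.totpSecret = proposedSecret;
  else if (proof.fingerprint) session.fingerprint = proof.fingerprint;
  return session;
}

function authenticate(session, proof, nowMs) {
  // A session registered with a secret never falls back to the fingerprint.
  if (session.totpSecret) return Boolean(proof.totp) && verifyTotp(session.totpSecret, proof.totp, nowMs);
  return Boolean(proof.fingerprint && session.fingerprint) && safeEqual(proof.fingerprint, session.fingerprint);
}
```

The check in `authenticate` is the point to keep when implementing the last step: the fingerprint is accepted only for sessions that never stored a secret, so a client cannot downgrade from TOTP to the fingerprint.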