Title: Critical issue
Last modified: March 30, 2020

---

# Critical issue

 *  [Rookie](https://wordpress.org/support/users/alriksson/)
 * (@alriksson)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/critical-issue-3/)
 * The plugin sets a cookie for anonymous users. Causing Cloudflare edge cache to
   listen to this header and cause cache hit ratio issues.
 * This cookie should not be set on non logged in users? And should not be set on
   any other page than login. This needs a fix asap as I could need to disable the
   plugin.
 *     ```
       set-cookie: twofas_session_id=UyQyU0NsVUl0ZnNYSjp8Iw%3D%3D; expires=Mon, 30-Mar-2020 13:13:20 GMT; Max-Age=3600; path=/; HttpOnly
       3:21 pm
       ```
   
 * Would appreciate if I could receive an answer as soon as possible.
 * Why is this cookie on all pages?
    Why is cookie set on users even if not logged
   in or successful login? This cookie cause issue and modify the cache-control 
   headers.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [2FAS](https://wordpress.org/support/users/2fas/)
 * (@2fas)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/critical-issue-3/#post-12605171)
 * Thank you for letting know us about this issue, you are absolutely right that
   this cookie should be set only on login process but it doesn’t cause security
   problems in the plugin.
    We’ll see what happened and fix it in next release as
   soon as possible.
 *  Thread Starter [Rookie](https://wordpress.org/support/users/alriksson/)
 * (@alriksson)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/critical-issue-3/#post-12605220)
 * Correct but it causes other issues as well as described above. Appreciate the
   fast response and hope to see a fix and a release as soon as possible.
 * Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Critical issue’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/2fas_ffffff.svg)
 * [2FAS Classic - Two Factor Authentication](https://wordpress.org/plugins/2fas/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/2fas/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/2fas/)
 * [Active Topics](https://wordpress.org/support/plugin/2fas/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/2fas/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/2fas/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [Rookie](https://wordpress.org/support/users/alriksson/)
 * Last activity: [6 years, 1 month ago](https://wordpress.org/support/topic/critical-issue-3/#post-12605220)
 * Status: not resolved