Hi Henrik, are you talking about the 3 minute timeout for the nonce that GAPUP creates, or the 48 hour timeout for Core’s authentication cookies?
I’m guessing you talking about the Core cookie. This is what I did to try to reproduce the problem. Can you let me know if your process was different?
1) Enable Google Authenticator and Google Authenticator – Per User Prompt
2) Edit a post (so the Heartbeat feature will check the auth cookie frequently)
3) Delete all of WordPress’ cookies
That triggered the re-authentication modal, and I was able to login as expected. The first screen asked for the username/password, and the second one asked for the 2FA token.
I did see the spinner at both steps, but it went away after about a second.
Can you check if there are any JavaScript errors in your browser’s console?
Hi Ian
Yes it’s the core cookie timeout.
I used http://wordpress.org/plugins/configure-login-timeout/ for testing. (I’m performing some 2 screen tests on my code myself)
I had the spinner running for several minutes on the login modal.
Tried login in another browser so I guess it wasn’t my server being slow.
Best regards
Henrik
