I have just joined a new organization where the trust remembered devices setting is configured for 180 days and would like to change that to a shorter value. If I make this change, will any end user who has enabled that setting in their browser need to turn it on again with the new value? If no, what happens to the existing cookies that were created and set to expire in 180 days?
Hi @emilysam ,
If a user has a Remembered Devices cookie present within their browser that has a lifespan of 180 days, when you make a change in the Duo Admin Panel for this policy setting, it will not affect the user’s existing cookie/token. Each token’s timestamp is signed, meaning that any update to the setting within Duo’s Admin Panel will not take hold until the existing cookie/token has expired.
Once the 180 day token expires, the user will be promoted to trust their browser and, if they choose to do so, it will create a new token with the timeframe currently configured within the Remembered Devices Policy setting. A user (or Endpoint Admin) can delete the 180-day cookie and it will prompt the user the next time they log in to re-create the cookie.
How can I invalidate a cookie for a Remembered Device if the user loses their device?
Hope this helps!