This is a question regarding Two-Factor Authentication settings.

This is my settings for Two-Factor Auth, and my understanding is that once I have given authorization via Google Auth app, I would not need to be asked again for another week unless my session is closed (signed out or timed out)

I take this to mean that I have signed out, or the PHP session has timed out after a period of time. However, I find that if I close my browser, and sign in via AdminCP, I am prompted to for authentication via Google Auth again.

I just wanted to know if this is the expected behaviour with this, or not?

Hi guys,

I'm going to change this to a bug.

Doesn't matter what setting I change, you are always for 2FA authentication every time I return to the ACP, regardless whether the session has ended or not.

Thank you for bringing this issue to our attention! I can confirm this should be further reviewed and I have logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release.