Mirror of https://github.com/zitadel/zitadel.git (synced 2025-12-25 02:46:41 +00:00)

Fixed an issue in `isSessionValid()` where users with multiple configured MFA methods (e.g., TOTP and U2F) would have their sessions incorrectly invalidated. The function previously used exclusive if-else logic that only checked the first matching method, causing validation to fail even when other configured methods were successfully verified.

Closes #10529

# Which Problems Are Solved

[#10529](https://github.com/zitadel/zitadel/issues/10529)

# How the Problems Are Solved

- Replaced exclusive if-else if chain with inclusive validation logic
- Session is now considered valid if ANY configured MFA method has been verified
- Improved error logging to show all configured methods and their verification status

Example: A user with both TOTP and U2F configured can now successfully authenticate using either method, whereas previously the session would be invalid if they used U2F but TOTP was checked first.
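
The logic change this commit message describes, as an added TypeScript sketch that is not part of the commit or of ZITADEL's source. The type names, function names and session shape are hypothetical, and treating a user with no MFA configured as passing this check is an assumption.

```typescript
// Added illustration: hypothetical names and types, not ZITADEL's source.
type MfaMethod = "TOTP" | "U2F" | "OTP_EMAIL";

// Constructed session shape: which factors were verified in this session.
interface SessionFactors {
  verified: Partial<Record<MfaMethod, boolean>>;
}

interface MfaStatus { method: MfaMethod; verified: boolean; }

function has(list: MfaMethod[], m: MfaMethod): boolean {
  return list.indexOf(m) !== -1;
}

// Before: exclusive chain. The first configured method in the chain decides
// the outcome, so a user who verified U2F fails because TOTP is checked first.
function isSessionValidExclusive(configured: MfaMethod[], s: SessionFactors): boolean {
  if (has(configured, "TOTP")) {
    return s.verified.TOTP === true;
  } else if (has(configured, "U2F")) {
    return s.verified.U2F === true;
  } else if (has(configured, "OTP_EMAIL")) {
    return s.verified.OTP_EMAIL === true;
  }
  return true; // assumption: users without MFA are handled by other policy
}

// After: inclusive check. Collect the status of every configured method and
// accept the session if at least one of them was verified.
function mfaStatuses(configured: MfaMethod[], s: SessionFactors): MfaStatus[] {
  return configured.map((method) => ({ method, verified: s.verified[method] === true }));
}

function isSessionValidInclusive(configured: MfaMethod[], s: SessionFactors): boolean {
  if (configured.length === 0) return true; // same assumption as above
  // Only configured methods count: a verified factor the user has not
  // configured must not satisfy the check.
  return mfaStatuses(configured, s).some((st) => st.verified);
}

// Log line listing every configured method and its verification status.
function describeMfa(configured: MfaMethod[], s: SessionFactors): string {
  return mfaStatuses(configured, s)
    .map((st) => `${st.method}=${st.verified ? "verified" : "unverified"}`)
    .join(", ");
}
```

The inclusive version iterates over the configured methods rather than over the verified factors, so a factor that was verified but is not configured for the user never satisfies the check.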