We are using APM for OTP authentication , The problem is that there are a number of users who on purpose make the first registration using the username and password, then after the OTP-code arrives, they open another tab in the browser and request a new login, then a new OTP-code is sent to them and so on, how can I limit this by not allowing a new OTP-code to be sent In the event that the first code is still active, for example, for a period of 3 minutes
When APM creates an OTP code you can save it on a table with help of an iRule so if user try to create another session, you can able to check whether same user have a session already. If there is another OTP code, so you can return a message that says like "use OTP code sent previusly".
But this looks like an example of "wrong usage of computers" more than an APM problem. If i encounter same problem, i probably choose to put a time limit which restrict users have one session in a certain time of frame. When they open another one, i block them for a limited of time, so evolution continues and people learn.
Please can someone help me to prevent users from using 2 factor auth for a certain period of 3 min in case the first otp code is sent to the user. I tried to find out the last user auth process using irule but without any benefit