Last successful login with 2FA

[michalsn]

I noticed that when we have 2FA enabled, providing valid login information is enough to fill auth_logins with a successful entry. Shouldn't this happen after using the code from the email to confirm the login?

[kenjis]

It is documented: https://codeigniter4.github.io/shield/references/authentication/session/#login

But I think we should record both authentication by form and by email confirmation.
And to end users, the login is when email confirmation is done.