Caching problem when enabling 2FA in WHM; does not remember active status


Mar 6, 2016
cPanel Access Level
Root Administrator
After seemingly successful setup of 2FA in WHM (v.54) both for root (my account) and a cPanel user, I can log both out and back in WITH 2FA to that normal cPanel user account on my VPS, and in and out of WHM with 2FA code. So far so good.

But subsequently caching issues on the WHM 2FA page creates problems.

When accessing that WHM 2FA setup page on next login, it reports the 2FA status as "disabled" (red), which is wrong.

Logging out and back in (again) does not help, BUT: when I have logged out and back into WHM as root another time after experiencing the wrong "disabled message", WHM does NOT ask for the 2FA code..., and 2FA status is still "disabled" on the main 2FA settings page (the first of the 3 tabs).

When clicking on the second tab of the 2FA settings page, the user tab, that one it does NOT fetch that "tab" from cache, but actually re-queries the database and successfully fetches the cPanel user I have set up with 2FA. At that moment, the red 2FA "disabled" status icon in WHM changes to green, and I receive a message stating that the 2FA settings was changed "in another browser session". (But I am the only user/admin logged into this VPS, not using multiple sessions.)

Then, on the 3rd tab of the 2FA settings page, "My account", it also states that 2FA is disabled for "My account" (root). Yet I just logged in as root to WHM with 2FA a minute ago (the first subsequent login after enabling 2FA).

Refreshing the page does not help, nor does logging out and back in (which NOW does NOT ask for 2FA, so now that status is "correct". I suspect that accessing that cached "My account" page may actually update the status from Active to Deactivated for the root account. But that is just a guess.

I have also tried to enable 2FA, activate it for "My account" (successfully), and immediately reboot the VPS, and log back into WHM again, but to no avail.

Observation: Every time I try to enable 2FA for "My account" again, it presents me with a new (different) secret key, not the same as the first time that I seemingly set it up "successfully".

This seems to be a WHM caching problem, not necessarily a 2FA problem.

I have seen similar caching "issues" on other WHM function pages too (at least in Firefox, which I am using for this (various versions, using the latest update now)), but they always resolve when logging out and back into WHM.


Staff member
Apr 11, 2011
Hello :)

Would you mind opening a support ticket using the link in my signature so we can take a closer look at your system and determine if it's reproducible? You can post the ticket number here so we can update this thread with the outcome.

Thank you.