I have two applications, one has the web api other and application use it to authenticate it itself.
How 2FA implemented in my application is, first get the username and password then authenticate it. After authenticate it I send the username, session key . If I get the correct mobile passcode , username and session key back, application authenticate it second time.
Now the problem is It works, when I use postman chrome plugin to test the 2FA. However if I use the second application to authenticate it fails.
When I debug through the code I found, it breaks at session variables. I get Key error. I assume that the session is empty when I try to authenticate second time from the application.
I am confused why it works from Postman plugin but not from the second application.
