![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://discuss.tchncs.de/pictrs/image/367855b9-f175-4b68-a9c1-aeeb8c3f8319.png)
Fair enough. I guess it can be implemented someday if enough people ask for it since the back end is there (PIO core). The only thing left I guess is making the repo have offline capabilities so people can mirror it too. But I think it should be left as a separate project.
Be careful since it is a double edged sword. Device bound session means the browser has the capabilities to differentiate devices, and thus can be used for more accurate tracking information. Of course I’m not saying it is not useful, having created a fair share of websites myself, I know the pain of authentication on the web and how it can be challenging to secure from tons of possible attack vectors. And in my experience, the weakest link is always the user.