ARTICLE AD BOX
I have created an ASP.NET MVC application with a feature where an invoice contains a QR code. When a user scans the QR code, they are redirected to a page where they enter their mobile number and verify it using an OTP sent to that number.
This functionality works correctly on Android devices and older versions of iOS. However, an issue occurs on iOS Safari (latest versions). When the QR code is scanned, the user receives two different OTPs, and neither of them works for verification.
After reviewing the logs (written to a text file), I found that the OTP generation API is being called twice from iOS Safari. Even though logic is implemented to prevent OTP generation if a request is made within 5 minutes, the OTP is still being generated multiple times.
