Patch #29781

Prevent users from getting stuck with an expired password recovery token in their session

Added by Jens Krämer almost 3 years ago. Updated almost 3 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Go MAEDA% Done:

0%

Category:Accounts / authentication
Target version:4.0.0

Description

A user whose password recovery token expired after it was already put into
their session would be redirected to the login page all the time.

  • to fix that, the token is cleared from the session and the user is
    asked to try again
  • before this change, the user would have to clear their cookies in this
    case to be able to ever get a new token

0001-Handles-the-case-when-an-expired-token-is-in-the-use.patch Magnifier (5.45 KB) Jens Krämer, 2018-10-17 06:28

Related issues

Related to Redmine - Feature #28561: Add note about link validity to password lost email Closed

Associated revisions

Revision 17601
Added by Go MAEDA almost 3 years ago

Handles the case when an expired token is in the users session (#29781).

Patch by Jens Krämer.

Revision 17602
Added by Go MAEDA almost 3 years ago

Update locales (#29781).

History

#1 Updated by Go MAEDA almost 3 years ago

  • Related to Feature #28561: Add note about link validity to password lost email added

#2 Updated by Go MAEDA almost 3 years ago

  • Subject changed from prevent users from getting stuck with an expired password recovery token in their session to Prevent users from getting stuck with an expired password recovery token in their session
  • Status changed from New to Closed
  • Assignee set to Go MAEDA
  • Target version set to 4.0.0

Committed. Thank you for your contribution.

Also available in: Atom PDF