Prevent users from getting stuck with an expired password recovery token in their session
|Assignee:||Go MAEDA||% Done:|
|Category:||Accounts / authentication|
A user whose password recovery token expired after it was already put into
their session would be redirected to the login page all the time.
- to fix that, the token is cleared from the session and the user is
asked to try again
- before this change, the user would have to clear their cookies in this
case to be able to ever get a new token
Handles the case when an expired token is in the users session (#29781).
Patch by Jens Krämer.
#2 Updated by Go MAEDA almost 3 years ago
- Subject changed from prevent users from getting stuck with an expired password recovery token in their session to Prevent users from getting stuck with an expired password recovery token in their session
- Status changed from New to Closed
- Assignee set to Go MAEDA
- Target version set to 4.0.0
Committed. Thank you for your contribution.