Patch #29781
Prevent users from getting stuck with an expired password recovery token in their session
Status: | Closed | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | % Done: | 0% | ||
Category: | Accounts / authentication | |||
Target version: | 4.0.0 |
Description
A user whose password recovery token expired after it was already put into
their session would be redirected to the login page all the time.
- to fix that, the token is cleared from the session and the user is
asked to try again - before this change, the user would have to clear their cookies in this
case to be able to ever get a new token
Related issues
Associated revisions
Handles the case when an expired token is in the users session (#29781).
Patch by Jens Krämer.
Update locales (#29781).
History
#1
Updated by Go MAEDA over 3 years ago
- Related to Feature #28561: Add note about link validity to password lost email added
#2
Updated by Go MAEDA over 3 years ago
- Subject changed from prevent users from getting stuck with an expired password recovery token in their session to Prevent users from getting stuck with an expired password recovery token in their session
- Status changed from New to Closed
- Assignee set to Go MAEDA
- Target version set to 4.0.0
Committed. Thank you for your contribution.