Project

General

Profile

Actions
Copy link

Patch #29781

closed

Prevent users from getting stuck with an expired password recovery token in their session

Added by Jens Krämer about 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Go MAEDA
Category:
Accounts / authentication
Target version:
4.0.0
Start date:
Due date:
% Done:

0%

Estimated time:

Description

A user whose password recovery token expired after it was already put into
their session would be redirected to the login page all the time.

  • to fix that, the token is cleared from the session and the user is
    asked to try again
  • before this change, the user would have to clear their cookies in this
    case to be able to ever get a new token

Files

0001-Handles-the-case-when-an-expired-token-is-in-the-use.patch (5.45 KB) 0001-Handles-the-case-when-an-expired-token-is-in-the-use.patch Jens Krämer, 2018-10-17 06:28

Related issues

Related to Redmine - Feature #28561: Add note about link validity to password lost emailClosedGo MAEDA

Actions
Actions
Copy link
 #1

Updated by Go MAEDA about 6 years ago

  • Related to Feature #28561: Add note about link validity to password lost email added
Actions
Copy link
 #2

Updated by Go MAEDA about 6 years ago

  • Subject changed from prevent users from getting stuck with an expired password recovery token in their session to Prevent users from getting stuck with an expired password recovery token in their session
  • Status changed from New to Closed
  • Assignee set to Go MAEDA
  • Target version set to 4.0.0

Committed. Thank you for your contribution.

Actions
Copy link

Also available in: Atom PDF