Project

General

Profile

Actions

Patch #29781

closed

Prevent users from getting stuck with an expired password recovery token in their session

Added by Jens Krämer about 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Accounts / authentication
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

A user whose password recovery token expired after it was already put into
their session would be redirected to the login page all the time.

  • to fix that, the token is cleared from the session and the user is
    asked to try again
  • before this change, the user would have to clear their cookies in this
    case to be able to ever get a new token

Files


Related issues

Related to Redmine - Feature #28561: Add note about link validity to password lost emailClosedGo MAEDA

Actions
Actions #1

Updated by Go MAEDA about 6 years ago

  • Related to Feature #28561: Add note about link validity to password lost email added
Actions #2

Updated by Go MAEDA about 6 years ago

  • Subject changed from prevent users from getting stuck with an expired password recovery token in their session to Prevent users from getting stuck with an expired password recovery token in their session
  • Status changed from New to Closed
  • Assignee set to Go MAEDA
  • Target version set to 4.0.0

Committed. Thank you for your contribution.

Actions

Also available in: Atom PDF