Project

General

Profile

Actions
Copy link

Patch #29781

closed

Prevent users from getting stuck with an expired password recovery token in their session

Added by Jens Krämer over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Go MAEDA
Category:
Accounts / authentication
Target version:
4.0.0
Start date:
Due date:
% Done:

0%

Estimated time:

Description

A user whose password recovery token expired after it was already put into
their session would be redirected to the login page all the time.

  • to fix that, the token is cleared from the session and the user is
    asked to try again
  • before this change, the user would have to clear their cookies in this
    case to be able to ever get a new token

Files

0001-Handles-the-case-when-an-expired-token-is-in-the-use.patch (5.45 KB) 0001-Handles-the-case-when-an-expired-token-is-in-the-use.patch Jens Krämer, 2018-10-17 06:28

Related issues

Related to Redmine - Feature #28561: Add note about link validity to password lost emailClosedGo MAEDA

Actions
Actions
Copy link

Also available in: Atom PDF