Project

General

Profile

Actions

Patch #29781

closed

Prevent users from getting stuck with an expired password recovery token in their session

Added by Jens Krämer about 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Accounts / authentication
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

A user whose password recovery token expired after it was already put into
their session would be redirected to the login page all the time.

  • to fix that, the token is cleared from the session and the user is
    asked to try again
  • before this change, the user would have to clear their cookies in this
    case to be able to ever get a new token

Files


Related issues

Related to Redmine - Feature #28561: Add note about link validity to password lost emailClosedGo MAEDA

Actions
Actions

Also available in: Atom PDF