Actions
Patch #29781
closedPrevent users from getting stuck with an expired password recovery token in their session
Description
A user whose password recovery token expired after it was already put into
their session would be redirected to the login page all the time.
- to fix that, the token is cleared from the session and the user is
asked to try again - before this change, the user would have to clear their cookies in this
case to be able to ever get a new token
Files
Related issues
Actions