  1. XWiki Platform
  2. XWIKI-21571

Change default value of the reset password token lifetime


Details

    • Improvement
    • Resolution: Fixed
    • Major
    • 16.3.0-rc-1, 15.10.9
    • 14.10.16
    • Security
    • None
    • Unit, Integration
    • Unknown

    Description

      The current behavior noticed on 14.10.16 is that after opening the reset password link once, opening it a second time is not possible, even if the password reset was not actually done with the link.

      Also, there are still cases when, depending on the settings on the user's side or their email client, the reset password link might be pre-read, and so it would burn the only time they would be able to use the link.

      It would be useful to update the reset password link timeout to a longer value, such as 1h, allowing more time to open the reset password link no matter how many times in that 1 hour after receiving the reset password mail, as long as the password reset is not actually done using that link.
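
The behaviour requested above, sketched as an added example (not XWiki's code and not part of the original issue): the token stays valid for its whole lifetime however many times the link is opened, and only a completed reset invalidates it. The class name, method names and the in-memory map are assumptions made for illustration; records need Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical in-memory store (assumption); not XWiki's implementation.
public class ResetTokenStore {
    private record Entry(String token, Instant expiresAt) {}
    private final Map<String, Entry> byUser = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration lifetime;
    public ResetTokenStore(Duration lifetime) { this.lifetime = lifetime; }

    // Issue a fresh random token; any older token for the user is replaced.
    public String issue(String user) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byUser.put(user, new Entry(token, Instant.now().plus(lifetime)));
        return token;
    }
    // Returns the live entry matching this token, or null if absent, expired or wrong.
    private Entry find(String user, String token) {
        Entry e = byUser.get(user);
        boolean ok = e != null && Instant.now().isBefore(e.expiresAt())
            && MessageDigest.isEqual(e.token().getBytes(StandardCharsets.UTF_8),
                                     token.getBytes(StandardCharsets.UTF_8));
        return ok ? e : null;
    }
    // Opening the link: validate only, so a mail client's prefetch burns nothing.
    public boolean isValid(String user, String token) { return find(user, token) != null; }
    // Submitting the new password: the single step that invalidates the token.
    public boolean consume(String user, String token) {
        Entry e = find(user, token);
        return e != null && byUser.remove(user, e); // atomic: only one caller wins
    }
    public static void main(String[] args) {
        ResetTokenStore store = new ResetTokenStore(Duration.ofHours(1)); // 1h, as the issue proposes
        String token = store.issue("alice"); // constructed sample user
        System.out.println("prefetch:    " + store.isValid("alice", token));
        System.out.println("user opens:  " + store.isValid("alice", token));
        System.out.println("reset done:  " + store.consume("alice", token));
        System.out.println("link reused: " + store.isValid("alice", token));
    }
}
```

A longer lifetime widens the window in which a leaked link is usable, so the value chosen is a trade-off between usability and exposure.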

            People

              surli Simon Urli
              AndreeaChirica Andreea Chirica