Issue #863 has been updated by Clément OUDOT.
Jeff G wrote: > So, it looks like PHP sessions are used to keep a token alive, correct? > > If I request a password reset token for another user at my computer and they > open the token link on a different computer, the token will show as invalid? No, because the session is stored on server side. With the correct token ID (which is in reset URL), you can reset the password from any computer. ---------------------------------------- Bug #863: Password Token Expiring http://tools.lsc-project.org/issues/863 Author: Jeff G Status: New Priority: High Assigned to: Category: Self Service Password Target version: self-service-password-? It seems the password tokens expire when a new one is requested, even for completely different people. If I request a password reset token for client A, then 5 minutes later for client B, client A will no longer be able to reset their password using the token they were sent. Is this normal? -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
