Vote #79597
完了Prevent users from getting stuck with an expired password recovery token in their session
開始日:
2022/05/09
期日:
進捗率:
0%
予定工数:
Redmineorg_URL:
category_id:
7
version_id:
99
issue_org_id:
29781
author_id:
40856
assigned_to_id:
332
comments:
2
status_id:
5
tracker_id:
3
plus1:
0
affected_version:
closed_on:
affected_version_id:
説明
A user whose password recovery token expired after it was already put into
their session would be redirected to the login page all the time.
- to fix that, the token is cleared from the session and the user is asked to try again
- before this change, the user would have to clear their cookies in this case to be able to ever get a new token
journals
--------------------------------------------------------------------------------
Committed. Thank you for your contribution.
--------------------------------------------------------------------------------
related_issues
relates,Closed,28561,Add note about link validity to password lost email
いいね!0