-
assigned issue to
Should password reset links expire
Issue #103
resolved
They tend to accumulate in the roster and it might make sens security wise. What would be a good delay? 48h?
Comments (4)
-
reporter -
We should also remove the link right after a successful password reset.
-
reporter It looks like this is already done here
-
reporter - changed status to resolved
Remove password-resets after 48 hours [fix
#103]Add an in-process task scheduler and use it to remove expired password-reset urls from the database (where expired = older than 48 hours)
→ <<cset 0f13e66a053a>>
- Log in to comment