[ltb-dev] [LDAP Tool Box - Bug #863] Password Token Expiring

noreply at lsc-project.org noreply at lsc-project.org
Tue May 24 17:29:21 CEST 2016


Issue #863 has been updated by Jeff G.


So, it looks like PHP sessions are used to keep a token alive, correct?

If I request a password reset token for another user at my computer and they open the token link on a different computer, the token will show as invalid?
----------------------------------------
Bug #863: Password Token Expiring
http://tools.lsc-project.org/issues/863

Author: Jeff G
Status: New
Priority: High
Assigned to: 
Category: Self Service Password
Target version: self-service-password-?


It seems the password tokens expire when a new one is requested, even for completely different people. If I request a password reset token for client A, then 5 minutes later for client B, client A will no longer be able to reset their password using the token they were sent. Is this normal?


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20160524/a30f5ebd/attachment.htm>


More information about the ltb-dev mailing list