Expire the Reset Password Email #11189

OutdoorEd created 2 years ago

Ver. 11.0 MVC .Net Core

I had a user who was unable to access their account because of a change to their email address in the database. They used an old copy of a Password Reset Email to get in. While I am glad they got in, it does seem like a potential issue to have the password reset email be valid 'forever'. Is there something that can be done so the token expires?

1 Answer(s)

0

m.aliozkaya created 2 years ago
Support Team

Thanks a lot @outdoored for sharing the problem. I have created an issue https://github.com/aspnetzero/aspnet-zero-core/issues/4487 about this.

Have an answer to this question? Log in and write your answer.