Open Closed

Expire the Reset Password Email #11189


0
outdoored created

Ver. 11.0 MVC .Net Core

I had a user who was unable to access their account because of a change to their email address in the database. They used an old copy of a Password Reset Email to get in. While I am glad they got in, it does seem like a potential issue to have the password reset email be valid 'forever'. Is there something that can be done so the token expires?


1 Answer(s)
  • 0
    m.aliozkaya created
    Support Team

    Thanks a lot @outdoored for sharing the problem. I have created an issue https://github.com/aspnetzero/aspnet-zero-core/issues/4487 about this.