Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Expire the Reset Password Email #11189


User avatar
0
OutdoorEd created

Ver. 11.0 MVC .Net Core

I had a user who was unable to access their account because of a change to their email address in the database. They used an old copy of a Password Reset Email to get in. While I am glad they got in, it does seem like a potential issue to have the password reset email be valid 'forever'. Is there something that can be done so the token expires?


1 Answer(s)
  • User Avatar
    0
    m.aliozkaya created
    Support Team

    Thanks a lot @outdoored for sharing the problem. I have created an issue https://github.com/aspnetzero/aspnet-zero-core/issues/4487 about this.