0
OutdoorEd created
Ver. 11.0 MVC .Net Core
I had a user who was unable to access their account because of a change to their email address in the database. They used an old copy of a Password Reset Email to get in. While I am glad they got in, it does seem like a potential issue to have the password reset email be valid 'forever'. Is there something that can be done so the token expires?
1 Answer(s)
-
0
Thanks a lot @outdoored for sharing the problem. I have created an issue https://github.com/aspnetzero/aspnet-zero-core/issues/4487 about this.
Have an answer to this question?
Log in
and write your answer.