[wp-trac] [WordPress Trac] #21314: Add password reset key expiration
WordPress Trac
noreply at wordpress.org
Fri Aug 1 14:55:12 UTC 2014
#21314: Add password reset key expiration
-------------------------------------------------+-------------------------
Reporter: skithund | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Future
Component: Users | Release
Severity: minor | Version: 3.4.1
Keywords: has-patch needs-testing needs- | Resolution:
refresh | Focuses:
-------------------------------------------------+-------------------------
Comment (by dllh):
I was thinking that a cron job might not be the best approach, as it
depends entirely on there being traffic to the site to fire the code. I'm
not sure whether a request to actually reset the password would cause the
cron to clean up old keys to fire or not. I put together a different
concept that sets a timestamp in usermeta on reset request, checks it when
the reset link is visited, and deletes it to clean up upon successful
login. I'm not sold on my approach but thought I'd put it out there for
consideration alongside the other proposal.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21314#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list