clamhost Posted March 10, 2014 Report Posted March 10, 2014 When ever a client uses the password reset function. and requests multiple password resets. and does not use the Link it sends via email. every link continues to work. the old ones should be set as expired. I guess this could also be a Security Risk.
Cody Posted March 10, 2014 Report Posted March 10, 2014 Links expire automatically after a predetermined amount of time. See configuration setting: Blesta.reset_password_ttl. Feel free to submit your idea as a feature request. Closed as not a bug.
Recommended Posts