Michael247 Posted June 16, 2016

Hi,

I have a question about the password reset functionality. I've just tested with a reset link from 19 May 2015 (13 months ago) and the password reset still works with this link.

How long (period of validity) is the reset link in the email valid? I guess the link is valid forever, is it? Where are these "recovery tokens" stored?

You have no idea what I'm talking about? Here is an example of a link from the e-mail:

http://www.domain.tld/kennwort-wiederherstellung?token=faa0123456789abcdef0123456789abc&id_customer=12345

(I suppose in English it is called "password-reset" or "password-recovery" instead of "kennwort-wiederherstellung".)

Best Regards,
Michael
rocky Posted June 17, 2016

That token is not the recovery token, it is the customer's token. It's designed to confirm you are the customer and aren't just randomly entering customer IDs in an attempt to reset their passwords. If you reset your password a second time, you'd see the same token is used.

The token is randomly generated when the customer is created and then stored in the `secure_key` column of the `ps_customer` table in the database.

As you say, there is no limit on how long the link works for or how many times you can use it. The link is always there if you need it.
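
An added example, not part of the thread and not PrestaShop code: a Python sketch contrasting the permanent per-customer key described above with a reset token that is issued per request, expires, and works once. `ResetTokenStore`, the one-hour lifetime and the in-memory dictionary standing in for a database table are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

def static_key_link_valid(stored_key, token):
    """Behaviour described above: one permanent key per customer, no expiry."""
    return hmac.compare_digest(stored_key.encode(), token.encode())

class ResetTokenStore:
    """Hypothetical per-request reset tokens (in-memory stand-in for a table)."""

    def __init__(self, ttl=3600, clock=time.time):  # assumed one-hour lifetime
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # customer_id -> (sha256 of token, expiry time)

    def issue(self, customer_id):
        """Create a fresh token for this request, replacing any older one."""
        token = secrets.token_hex(16)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[customer_id] = (digest, self._clock() + self._ttl)
        return token  # sent in the e-mailed link; only its hash is stored

    def redeem(self, customer_id, token):
        """Return True once for a matching, unexpired token, then drop it."""
        entry = self._pending.get(customer_id)
        if entry is None:
            return False
        digest, expires_at = entry
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, supplied):
            return False
        del self._pending[customer_id]  # single use; also clears expired rows
        return self._clock() < expires_at

def demo():
    """Replay the scenario from the question against a constructed clock."""
    now = [1_000_000.0]  # constructed timestamp
    store = ResetTokenStore(clock=lambda: now[0])
    first = store.issue(12345)
    result = {"first_use": store.redeem(12345, first),
              "reuse": store.redeem(12345, first)}
    second = store.issue(12345)
    now[0] += 13 * 30 * 86400  # roughly 13 months later
    result["after_13_months"] = store.redeem(12345, second)
    return result
```

Storing only the SHA-256 of the token means a read of the table does not yield usable reset links, which is not true of a key stored in the clear and reused in every e-mail.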