-
- Downloads
Expire token after 12h and if user logged-in again
As an hardening measure we should expire password reset tokens after 12h and if the user has logged-in again successfully after the token was requested.
Showing
- core/application.php 6 additions, 4 deletionscore/application.php
- core/lostpassword/controller/lostcontroller.php 20 additions, 4 deletionscore/lostpassword/controller/lostcontroller.php
- tests/core/lostpassword/controller/lostcontrollertest.php 116 additions, 7 deletionstests/core/lostpassword/controller/lostcontrollertest.php
Loading
Please register or sign in to comment