Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

Password Reset Link
New Post
11/8/2013 3:51 PM
 

Hello,

I've started testing us upgrading from 7.0.5 to 7.1.2 and I am glad to see that the password reset process has been improved.

But, I noticed that each time you request your password, DNN creates a new token. We've had trouble in the past because when the reset emails take a minute to get to the user, they request multiple passwords, and thus invalidate their old ones. So, then the first email gets to them and, by the time it does, it no longer works.

Given this, I think it would make sense to not change the token if the user requests a new password reset email while a previous link is "live". If nothing else, perhaps it would help to have some time-frame where the same link is sent - like say an hour. That way, if the user requests two password reset emails in the same hour, they don't get two different links.

Does anybody have any thoughts on that, or know if something along those lines is possible?

Thanks,

Mike

 
New Post
11/8/2013 4:52 PM
 

At present that is not possible via the API (as the actions which change passwords create new expiration and reset tokens before they send the email) - you're welcome to add it as an idea to community voice and see if others feel the same way - the most popular items are the ones we look at when deciding the scope of releases.

By the way, the expiry time is configurable - here's some text from a document I've been working on:

Log in as a superuser (such as host), and go to host->host settings. Click on the advanced settings tab and then scroll down and click on "Membership management". You'll find a number of settings that affect various member related activities.

The first of these is the "reset link timeout". As hashing is a one-way operation, and once stored a user's hashed password cannot be retrieved (e.g. to send out in a password reminder), DNN had to make changes to the platform to support password resets via reset links. Rather than have two systems, one that emailed passwords (via SMTP in cleartext) for sites that used encryption, and one that sent out password reset links for sites that used hashing, the product team made the decision to only use password reset links as they are more secure. Now, when a user initiates an action that used to send out a password (such as registering or password reminders), an email is sent with a password reset link. This link is unique to the user, can only be used once, and also has an expiration date to ensure that it is only valid for a short period of time, e.g. in case someone accesses your email, reset links that have been used or expired can no longer be used.

The first setting on this page controls this value, and defaults to 1 hr (60 minutes). It's important to note that this value only applies for actions the user initiates themselves - for actions such as an administrator/host creating a new account or resetting a user's password, the expiry for those mails is 24hrs. This longer period allows users a better opportunity to respond to the mail by clicking the reset link. If the link is expired, they can request a new one (which will then be valid for the "Reset link timeout" specified under "Membership management"), but the larger timeout for admin/host initiated actions will improve the chances the user can respond to the original email.
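
Added example, not part of the original thread and not DNN code: a minimal C# sketch of the behaviour discussed in the posts above, where a repeat request inside the timeout returns the still-live token instead of invalidating it, while the link stays single-use and keeps its original expiry. The `ResetLinkIssuer` class, its in-memory store, the user id and the sample timeline are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added sketch: hypothetical names, in-memory store, not thread-safe, no DNN APIs.
public sealed class ResetLinkIssuer
{
    private sealed class Entry { public string Token; public DateTime ExpiresUtc; public bool Used; }
    private readonly Dictionary<int, Entry> _byUser = new Dictionary<int, Entry>();
    private readonly TimeSpan _timeout;
    public ResetLinkIssuer(TimeSpan timeout) { _timeout = timeout; }

    // A repeat request returns the still-live token; its expiry is never extended.
    public string Issue(int userId, DateTime nowUtc)
    {
        if (_byUser.TryGetValue(userId, out Entry e) && !e.Used && nowUtc < e.ExpiresUtc)
            return e.Token;
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        e = new Entry { Token = BitConverter.ToString(bytes).Replace("-", ""),
                        ExpiresUtc = nowUtc + _timeout };
        _byUser[userId] = e;
        return e.Token;
    }

    // Single use: succeeds at most once, and only before expiry.
    public bool Redeem(int userId, string presented, DateTime nowUtc)
    {
        if (presented == null || !_byUser.TryGetValue(userId, out Entry e)) return false;
        if (e.Used || nowUtc >= e.ExpiresUtc || presented.Length != e.Token.Length) return false;
        int diff = 0; // compare every character, no early exit on the first mismatch
        for (int i = 0; i < e.Token.Length; i++) diff |= e.Token[i] ^ presented[i];
        if (diff != 0) return false;
        e.Used = true;
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var issuer = new ResetLinkIssuer(TimeSpan.FromMinutes(60));
        var t0 = new DateTime(2013, 11, 8, 15, 0, 0, DateTimeKind.Utc); // constructed timeline
        string first = issuer.Issue(42, t0);
        string second = issuer.Issue(42, t0.AddMinutes(2));             // impatient second request
        Console.WriteLine(first == second);                             // do both emails carry one link?
        Console.WriteLine(issuer.Redeem(42, first, t0.AddMinutes(10))); // first click on the link
        Console.WriteLine(issuer.Redeem(42, second, t0.AddMinutes(11)));// replay of the same link
        Console.WriteLine(issuer.Issue(42, t0.AddMinutes(61)) != first);// request after the window
    }
}
```

Re-sending the same link means the server must be able to retrieve the token itself, so it cannot be stored only as a hash; that is the trade-off this design accepts in exchange for not invalidating a delayed first email.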


 
New Post
11/8/2013 5:31 PM
 

Thanks Cathal - this is helpful.

Yes, I was aware of the expiry time setting. The basic problem we have, though, is from people requesting links twice in a row. Then, they get the first link and it doesn't work any more.

I'll submit a request and see where it goes.

Hope all's well,

Mike

 
New Post
11/10/2013 2:55 PM
 

Good idea Mike. Post a link to the idea here and I'll vote for you.

I would imagine it would be very frustrating for the end user and expensive for a support team if the email was not received quickly and then constantly stale by the time it came through.

 
New Post
11/25/2013 3:14 PM
 
So does anyone know if it's possible to change the 24 hour time limit on the admin initiated registration? We are migrating over to a new website. Using an import utility to bring the membership in. It is generating a random password and sending out the reset link. Most of my users are checking their email within a few days but 1% of them are actually getting the reset token to work within the specified period.

How can I increase the 24 hour time limit to say a week?
 