Forum Academy Marketplace Showcase Pricing Features

Does reset password token expire?

I am creating an account for someone else and then sending a password reset.
Does the password reset token expire? If yes, how long until it expires?

Hello,

It expires after 24 hours.

So is there a way to display something that the link has expired when they click on it after 24hrs? Then generate a new one?

Just my customers are getting confused as they click on the link 2 days later and cannot change the password.

It’s not something we can add quickly, but we’ll put that on the wishlist.

1 Like

As an interim solution, perhaps have a flag on the user’s profile (or user change’s log) that stores the expiration date (ie. Current Date/Time + 24 hours).

Then on the password reset page, have it do a check: if Current Date/Time > expiration time, show prompt for requesting a new reset.

I believe this logic would make sense with the current password reset setup. (ie. the email link goes to your password reset page, then Bubble only checks to see if the request is valid once the request is submitted, not on page load).

@dan1 thanks for the suggestion. I might give this a try for the meantime.

Because the user has not logged in yet. How will I do a check on the user to match the email reset link?

Here’s a workaround idea:
create another database type called password reset token or two fields on the user profile. It should record the unique ID of the password reset (which is included as a part of the readable URL included in the password reset email) and specify the valid until date (current date/time + 24 hours).

Then, on the password reset page, have your workflow reference the “reset” parameter and “Do a search for” unique ID’s that match that. (You could theoretically use a workflow for When the page loads).

It may not be the most elegant. But that’s what I propose as an interim solution.