We wanted to reset the user passsword in DNN 9 but failed because the link sent via email expired when clicked. (the password reset link has expired)
It seems that you use a custom admin module. By default, the password reset link will expire after 60 minutes due to security aspects. You can change this settings in the security tab. Regarding your screen copy, I noticed that you probably already logged in with the superuser account when you clicked on the reset link. Consequently, the reset link should not correspond to the current user session. I suggest you to try again after log out in your browser to check if the reset link works.
is there anything else we can do to solve this problem??
Also, if I remember correctly, the password reset link intentionally doesn't work for superuser accounts. You can only use it for Admins and lower. Another superuser account must allow in a superuser that can't log in. I could be wrong though. This could have changed, as I haven't tested this recently.
What I wanted to say is that your screenshot shows that you've got the message when you already logged with the superuser account (look at the current user which is displayed at the right top corner).
oh right. thank you for pointing that out. we have tried various scenarios including opening link in incognito browser. There is already a clearer problem where if the password reset using dnn9 is possible but the failure occurs at the time of custom module.
We just had a client that reported that the Password Reset links did not work correctly in DNN 9.13.3 After clicking the reset link they got a message it had expired. I checked the database (users Table) and the [PasswordResetToken] and the [PasswordResetExpiration] fields had the correct values.
After bit of searching I saw others have reported similar issues so I'll share how we "fixed" this for future reference.
The client installation started in DNN 5 and has been updated over the years. The client already had a custom text for the password reset before and I found that
Site Settings > (*) Site > Global Resources > GlobalResources > EMAIL_PASSWORD_REMINDER_BODY.Text
(editing GlobalResources.nl-NL.Portal-0.resx)
Contained an incorrect link (from an older version of DNN)
[Portal:PASSWORDREMINDERURL]default.aspx?ctl=PasswordReset&resetToken=[Membership:PasswordResetToken]
After we changed that to:
[Portal:PASSWORDREMINDERURL]?ctl=PasswordReset&resetToken=[Membership:PasswordResetToken]
The password reset link worked correctly again. Might not be your issue, but it might help other with this problem...?
Posted By Timo Breumelhof (40F) on 3/26/2024 5:24 AM We just had a client that reported that the Password Reset links did not work correctly in DNN 9.13.3 After clicking the reset link they got a message it had expired. I checked the database (users Table) and the [PasswordResetToken] and the [PasswordResetExpiration] fields had the correct values. After bit of searching I saw others have reported similar issues so I'll share how we "fixed" this for future reference. The client installation started in DNN 5 and has been updated over the years. The client already had a custom text for the password reset before and I found that Site Settings > (*) Site > Global Resources > GlobalResources > EMAIL_PASSWORD_REMINDER_BODY.Text (editing GlobalResources.nl-NL.Portal-0.resx) Contained an incorrect link (from an older version of DNN) [Portal:PASSWORDREMINDERURL]default.aspx?ctl=PasswordReset&resetToken=[Membership:PasswordResetToken] After we changed that to: [Portal:PASSWORDREMINDERURL]?ctl=PasswordReset&resetToken=[Membership:PasswordResetToken] The password reset link worked correctly again. Might not be your issue, but it might help other with this problem...?
Whoa... Nice find!!! 💪🏽😎
Thanks for sharing Timo!
Posted By Timo Breumelhof (40F) on 3/26/2024 8:24 AM We just had a client that reported that the Password Reset links did not work correctly in DNN 9.13.3 After clicking the reset link they got a message it had expired. I checked the database (users Table) and the [PasswordResetToken] and the [PasswordResetExpiration] fields had the correct values. After bit of searching I saw others have reported similar issues so I'll share how we "fixed" this for future reference. The client installation started in DNN 5 and has been updated over the years. The client already had a custom text for the password reset before and I found that Site Settings > (*) Site > Global Resources > GlobalResources > EMAIL_PASSWORD_REMINDER_BODY.Text (editing GlobalResources.nl-NL.Portal-0.resx) Contained an incorrect link (from an older version of DNN) [Portal:PASSWORDREMINDERURL]default.aspx?ctl=PasswordReset&resetToken=[Membership:PasswordResetToken] After we changed that to: [Portal:PASSWORDREMINDERURL]?ctl=PasswordReset&resetToken=[Membership:PasswordResetToken] The password reset link worked correctly again. Might not be your issue, but it might help other with this problem...?
Great catch Timo!
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.