DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

the password reset link has expired

Sort:
You are not authorized to post a reply.





New Around Here





    We wanted to reset the user passsword in DNN 9 but failed because the link sent via email expired when clicked. (the password reset link has expired)

     

    image

     

     

    image

    image






    New Around Here





      It seems that you use a custom admin module.
      By default, the password reset link will expire after 60 minutes due to security aspects. You can change this settings in the security tab.
      Regarding your screen copy, I noticed that you probably already logged in with the superuser account when you clicked on the reset link. Consequently, the reset link should not correspond to the current user session. I suggest you to try again after log out in your browser to check if the reset link works.






      New Around Here





        1. By default, the password reset link will expire after 60 minutes due to security aspects. You can change this settings in the security tab.
          "we have change the time to 1440 minutes but problem still exists"
        2.  I suggest you to try again after log out in your browser to check if the reset link works.
          "since this is a reset password, the user are unable to login before launching the link"

        is there anything else we can do to solve this problem??






        Veteran Member





          Also, if I remember correctly, the password reset link intentionally doesn't work for superuser accounts.  You can only use it for Admins and lower.  Another superuser account must allow in a superuser that can't log in.  I could be wrong though.  This could have changed, as I haven't tested this recently.  






          New Around Here





            What I wanted to say is that your screenshot shows that you've got the message when you already logged with the superuser account (look at the current user which is displayed at the right top corner).






            New Around Here





              oh right. thank you for pointing that out. we have tried various scenarios including opening link in incognito browser. There is already a clearer problem where if the password reset using dnn9 is possible but the failure occurs at the time of custom module.






              Veteran Member





                We just had a client that reported that the Password Reset links did not work correctly in DNN 9.13.3
                After clicking the reset link they got a message it had expired.
                I checked the database (users Table) and the [PasswordResetToken] and the [PasswordResetExpiration] fields had the correct values.

                After bit of searching I saw others have reported similar issues so I'll share how we "fixed" this for future reference.

                The client installation started in DNN 5 and has been updated over the years.
                The client already had a custom text for the password reset before and I found that

                Site Settings > (*) Site > Global Resources > GlobalResources > EMAIL_PASSWORD_REMINDER_BODY.Text

                (editing GlobalResources.nl-NL.Portal-0.resx)

                Contained an incorrect link (from an older version of DNN)

                [Portal:PASSWORDREMINDERURL]default.aspx?ctl=PasswordReset&resetToken=[Membership:PasswordResetToken]

                After we changed that to:

                [Portal:PASSWORDREMINDERURL]?ctl=PasswordReset&resetToken=[Membership:PasswordResetToken]

                The password reset link worked correctly again.
                Might not be your issue, but it might help other with this problem...?






                Veteran Member





                  Posted By Timo Breumelhof (40F) on 3/26/2024 5:24 AM

                  We just had a client that reported that the Password Reset links did not work correctly in DNN 9.13.3
                  After clicking the reset link they got a message it had expired.
                  I checked the database (users Table) and the [PasswordResetToken] and the [PasswordResetExpiration] fields had the correct values.

                  After bit of searching I saw others have reported similar issues so I'll share how we "fixed" this for future reference.

                  The client installation started in DNN 5 and has been updated over the years.
                  The client already had a custom text for the password reset before and I found that

                  Site Settings > (*) Site > Global Resources > GlobalResources > EMAIL_PASSWORD_REMINDER_BODY.Text

                  (editing GlobalResources.nl-NL.Portal-0.resx)

                  Contained an incorrect link (from an older version of DNN)

                  [Portal:PASSWORDREMINDERURL]default.aspx?ctl=PasswordReset&resetToken=[Membership:PasswordResetToken]

                  After we changed that to:

                  [Portal:PASSWORDREMINDERURL]?ctl=PasswordReset&resetToken=[Membership:PasswordResetToken]

                  The password reset link worked correctly again.
                  Might not be your issue, but it might help other with this problem...?

                  Whoa...  Nice find!!!  💪🏽😎 

                   






                  Advanced Member





                    Thanks for sharing Timo!

                    Ing. Marco Alvarado Gómez MSc | Globalode
                    Phone. +506 6049-1880 | WhatsApp. +506 6049-1880 | Email. [email protected]
                    Address. Costa Rica (A Pura Vida place!).
                    You are not authorized to post a reply.

                    These Forums are dedicated to the discussion of DNN Platform.

                    For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

                    1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
                    2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
                    3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
                    4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
                    5. No Flaming or Trolling.
                    6. No Profanity, Racism, or Prejudice.
                    7. Site Moderators have the final word on approving / removing a thread or post or comment.
                    8. English language posting only, please.

                    Would you like to help us?

                    Awesome! Simply post in the forums using the link below and we'll get you started.

                    Get Involved