|author||Yorhel <email@example.com>||2019-10-03 13:33:04 +0200|
|committer||Yorhel <firstname.lastname@example.org>||2019-10-03 15:08:56 +0200|
SQL: Add session types + use sessions for password reset tokens
This improves the password reset workflow a bit. The users.passwd field is now no longer used for reset tokens, meaning that the current password isn't affected until the user actually clicks the link and changes it. It is now also possible to have multiple active password reset tokens, in case one of the emails got lost. All existing tokens are invalidated when the user finally changes their password. Tokens are now valid for at most 1 week instead of indefinitely.
Diffstat (limited to 'elm')
0 files changed, 0 insertions, 0 deletions