I am trying to find where in the code the expiry time for account activation links is set. Or how long is that time? And, is there any way of setting that timeout period?
Most helpful answers
Comments
Hey JDSaward, some time ago, I was also wondering about the expiration time of account activation links. I didn't look for the code but tested it and found out they don't seem to expire at all. (In contrast, password reset links expire after 24 hours.)
Thanks Olafski, Maybe they don't expire then.
I was going on reports from site participants telling me a week or so later that the 'link doesn't work'.... Which of course could be because... many reasons ... I will test it more too.
I think I tried to identify the code some time back and perhaps I will try again unless anyone knows already.
Thanks Olafski, I also was wondering if perhaps there is no expiration time.
Some site participants who take awhile to use their link let me know "the link does not work", and I just assumed. But likely there are multiple reasons someone thinks something is 'not working'.
I will test if further. Still interested in definitive answers about where the link is generated in code.
Sorry JDSaward, I saw your comments only now, they had been blocked before for some reason. At the moment, I have nothing to add. People working on a slightly related core issue might know more about the code question. Maybe ask there?
I think my comments were in a slowly moving moderation queue. Which is why there is a repeat, after a day. I missed the message that moderation was happening, but caught it the second time around.
I still intend to do another code search, but the importance of this faded away for now. I scanned the core issue you referenced and it looks very good context. I think it will help me find the code. I will come back to this.
As in D7 this is still at issue.
User.pages.inc refers to a session expiry for the One-Time-Link email. This is not front-end configurable, but by adding:
$config['system.core']['user_password_reset_timeout'] = 604800;
to the settings.php file, you will enable the users getting the OTL email a whole week before it expires. This is particlualry vital for the current site I am working on!
FYI that number (604800) is the number of seconds!
I think that we should have a 1 day password-reset expiry, and a 1 week OTL expiry, but they currently use the same value.
Comments?
Hey JDSaward, some time ago, I was also wondering about the expiration time of account activation links. I didn't look for the code but tested it and found out they don't seem to expire at all. (In contrast, password reset links expire after 24 hours.)