You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I use this bundle with Symfony 6.4, to go faster I use the make:reset-password command as indicated in the documentation.
The Controller created from the maker has the method processSendingPasswordResetEmail, this method uses the "ResetPasswordControllerTrait" and its method setTokenObjectInSession, which store this token in the session to be retrieved in the next step, but just before storing the token, it empties it, so in session the token is invalid.
Howdy @jp-insitaction - Now this is the intended functionality. I wrote a pretty detailed explainer on this here: #288 (comment) - "step 3" specifically talks about how we use the session to allow for displaying the "lifetime" of the token in the template but also guard against potential attack vectors.
Let me know if you have anymore questions or If that comment doesn't explain it clearly.
Hello,
I use this bundle with Symfony 6.4, to go faster I use the
make:reset-password
command as indicated in the documentation.The Controller created from the maker has the method
processSendingPasswordResetEmail
, this method uses the "ResetPasswordControllerTrait" and its methodsetTokenObjectInSession
, which store this token in the session to be retrieved in the next step, but just before storing the token, it empties it, so in session the token is invalid.Is this an error?
The text was updated successfully, but these errors were encountered: