User invite token: "Please note that the invite link will expire in 7 days."
-
Looking at the code, the user invite token is valid indeed only for 24h while the password reset token is valid for 7 days.
I wonder if either values are good, but at least both should be aligned to be more consistent in what people can expect.
Any input on expiration time?
-
That's not true. I clicked on the link in the mail 5 days later:
"Invalid or Expired Invite Link"Next try with a fresh token in 3 days
-
Looking at the code, the user invite token is valid indeed only for 24h while the password reset token is valid for 7 days.
I wonder if either values are good, but at least both should be aligned to be more consistent in what people can expect.
Any input on expiration time?
-
- If there is a valid time frame of 24 hours, the information in the email must reflect the same time frame. Currently, there is the information about "will expire in 7 days".
- There is no best time frame. IMHO 24 hours is good for most use cases. But I've heard of admins sending emails to new users on Friday and getting mails in their helpdesk the next Monday about invalid tokens. So maybe 72 hours?
If it is feasible, we should add a variable to the time frame token and allow the admin to set the value.
