Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The emails that are sent out for account registrations and activations have a supposed one-time link to log in to the account.
This is not actually a one-time login link, it seems to let you log in as many times as you want? I'm definitely logging out between each attempt.
Comments
Comment #1
danielb CreditAttribution: danielb commentedComment #2
danielb CreditAttribution: danielb commentedFYI I am aware of the algorithm in the user module that invalidates the login hash by updating the login time. I think it might work for password resets - but I've definilty witnessed it working as describe in my first post today.
If it helps I've also got login tabbogan installed - that wouldn't hurt anything though, right?
Comment #3
ainigma32 CreditAttribution: ainigma32 commented@danielb: I can't find other issues that mention similar problems. Can you confirm this behavior still exists with the latest version of D6?
- Arie
Comment #4
ainigma32 CreditAttribution: ainigma32 commentedLooks like danielb won't be posting any feedback so I'm setting this to fixed.
Feel free to reopen if you think that is wrong.
- Arie
Comment #5
danielb CreditAttribution: danielb commentedWhy do I have to be the one to investigate this? I have a fairly recent version of drupal 6 - if it's been fixed since then - why can't you find an issue about it?
Comment #6
Damien Tournoud CreditAttribution: Damien Tournoud commentedI can't reproduce this issue neither on 5.x nor on 6.x.
Comment #7
danielb CreditAttribution: danielb commentedI just reproduced this problem in Drupal 6.8
1) register to the website
2) click the one-time link received in your email
3) log out from the site when it is presented
4) click the one-time link received in your email
3) log out from the site when it is presented
and you can keep going like this as much as you like.
(firefox 3.0.5)
Comment #8
danielb CreditAttribution: danielb commentedThe url I am clicking on is user/validate/15/1231729110/74329141cc61ab1dd93e2883be6cc0b9
The message I see is "You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password."
These are from Login Taboggan. Moving thread.
Comment #9
Bodo Maass CreditAttribution: Bodo Maass commentedI just discovered the same problem on Drupal 5.15 with LoginToboggan 5.x-1.3. The "one-time" login links sent out by registration seem to work as often as I like when I log out after each login.
Comment #10
Bodo Maass CreditAttribution: Bodo Maass commentedI submitted a patch that fixes this for 5.x-1.3 here: http://drupal.org/node/362332.
I don't have time to look at 6.x right now, but I guess it should be very easy to look at my patch for 5.x and apply it to 6.x.
Comment #11
hunmonk CreditAttribution: hunmonk commentedthis was fixed in #291001: Allow One Time Login To Be Used Only Once. i just re-tested, and it works flawlessly for me. marking this issue as a duplicate.
Comment #12
F_mekono CreditAttribution: F_mekono as a volunteer commentedComment #13
NellyBokalli CreditAttribution: NellyBokalli commented