Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
If you have required email validation for new users they will reveice a mail with a one time login after the account has been cleared. This link is available up to 24 hours after the admin has cleared the account.
I understand the need to put a time constraint on this link, but 24 hours is (for some sites) a very very short time span. For a project I'm currently working on, not a single user will probably ever be able to react within 24 hours... (7 days would be acceptable)
I think that this setting should be configurable under the user settings.
Or have I missed it somewhere?
Comment | File | Size | Author |
---|---|---|---|
#3 | one_time_login_valid_time.patch | 2.6 KB | weseze |
#1 | one_time_login_valid_time.patch | 2.65 KB | weseze |
Comments
Comment #1
weseze CreditAttribution: weseze commentedI've created a small patch to do this.
Could this be included in core?
Comment #2
weseze CreditAttribution: weseze commentedComment #3
weseze CreditAttribution: weseze commentednew patch
Please include this in core...
Comment #4
gpk CreditAttribution: gpk commentedThe one-time login link on account creation does not have a time limit. The time limit should only apply when requesting a new password. Are you experiencing something different?
Comment #5
weseze CreditAttribution: weseze commentedHmm I just tried my patch and set the limit to -1 and the link still worked...
I assumed it would not work because when you use the one time login link Drupal tells you the link will expire after 24 hours.
So the time limit does not apply but Drupal says it does. That's very confusing if you don't know the code... I guess that message should be changed if it doesn't apply?
Comment #6
gpk CreditAttribution: gpk commentedJust to confirm - we are talking about the one-time login link when you register, not the one-time login link when you request a new password?
Comment #7
weseze CreditAttribution: weseze commentedyes
Comment #8
srlawr CreditAttribution: srlawr commentedI am doing something slightly different with the User concepts in Drupal - we have pre-populated thousands of users, and are using hooks into the "request new password" mechanisms to invite people to activate and access their accounts. It works very nicely.
That's kinda neither here nor there though, because I have now come across the frustrating problem that the link expiry time is very hard-coded into the user.pages.inc file. We want to keep the one-time-login links alive for 3 days, instead of 24 hours.
The above patch (from 2009) addresses this as an issue nicely, but status "Ignored" says it all ;)
There is a setting in the one-time-login module to control link expiry time. But not one for this link in core user.
I therefore do "vote" that this is addressed, it's not exactly a complete re-write :)
Comment #9
srlawr CreditAttribution: srlawr commentededit to point out this is now also in 7.x
Should I have made a new issue?! oops. rats.
Comment #11
Quest Yarbrough CreditAttribution: Quest Yarbrough commented#3: one_time_login_valid_time.patch queued for re-testing.