Control ForgetPassword Link Timeout

Hello all,   can we Control the Forgetpassword link expiry time in mendix
1 answers

Hi Harshad,


The expiry time is actually hard coded into the forgot password module.  I would use caution when thinking about modifying it for two reasons.


First, modifying marketplace modules is never recommended as your changes will be overwritten the next time that you update the module.  This is especially relevant for the forgot password module because there are frequent updates that patch any security vulnerabilities that may be associated with the module (major vulnerabilities with the module have been patched at least 3 times in the last 4 years)


Second, the reason it is hardcoded into the module versus a constant that could easily be changed is probably also for security reasons.  The longer the link is active, the more of a security risk it becomes.


I would ask what is the particular reason that you need to modify the expiry time?  Is there another approach that could satisfy your requirement other than modifying the expiry time?


Having laid out all the risks, it is possible to change if you simply modify the microflow where the ValidUntilDateTime is set on the forgot password object.


Hope this helps!