Skip to content

Instantly share code, notes, and snippets.

@mickadoo
Created August 29, 2017 16:11
Show Gist options
  • Save mickadoo/2083f8bb671715212885998d8ca5a955 to your computer and use it in GitHub Desktop.
Save mickadoo/2083f8bb671715212885998d8ca5a955 to your computer and use it in GitHub Desktop.

Scenario 1:

  • Created user account but no email sent
  • Come back and send the email

RESULT: Welcome email received, login sucessful

Scenario 2:

  • Created user account and email sent
  • user used the link in the email
  • Come back and send the email again

RESULT: Email was resent. In cases where the user hasn't logged in normally since the email was sent the link to reset password works fine. However Drupal uses a hash of the users password, most recent login time and uid to create the link used in the email. If any of these change (e.g. if the user logs in again) then this link breaks.

Scenario 3:

  • Created user account and email sent
  • user didn't used the link in the email
  • Come back and send the email again

RESULT: Email is resent. Either link is still valid until the user uses one of them to login. At this point both links become invalid because login (which is used in the hash) is updated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment