New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeDevelopment and...Development and...DNN Platform (o...DNN Platform (o...Password Reset LinkPassword Reset Link
New Post
11/8/2013 3:51 PM


I've started testing us upgrading from 7.0.5 to 7.1.2 and I am glad to see that the password reset process has been improved.

But, I noticed that each time you request your password, DNN creates a new token. We've had trouble in the past because when the reset emails take a minute to get to the user, they request multiple passwords, and thus invalidate their old ones. So, then the first email gets to them and, by the time it does, it no longer works.

Given this, I think it would make sense to not change the token if the user requests a new password reset email while a previous link is "live". If nothing else, perhaps it would help to have some time-frame where the same link is sent - like say an hour. That way, if the user requests two password reset emails in the same hour, they don't get two different links.

Does anybody have any thoughts on that, or know if something along those lines is possible?



New Post
11/8/2013 4:52 PM

At present that is not possible via the API (as the actions which change passwords create new expiration and reset tokens before they send the email)  - you're welcome to add it as an idea to community voice and see if others feel the same way -the most popular items are the ones we look at when deciding the scope of releases.

By the way, the expiry time is configurable - heres some text from a document I've been working on:

Log in as a superuser (such as host), and go to host->host settings. Click on the advanced settings tab and then scroll down and click on "Membership management". You'll find a number of settings that affect various member related activities.

The first of these is the "reset link timeout". As hashing is a one-way operation, and once stored a users hashed password cannot be retrieved (e.g. to send out in a password reminder), DNN had to make changes to the platform to support password resets via reset links. Rather than have two systems, one that emailed passwords (via SMTP in cleartext) for sites that used encryption, and one that sent out password reset links for sites that used hashing, the product team made the decision to only use password reset links as they are more secure. Now, when a user initiates an action that used to send out a password (such as registering or password reminders), an email is sent with a password reset link. This link is unique to the user, can only be used once, and also has an expiration date to ensure that it is only valid for a short period of time e.g. in case someone accesses your email, reset links that have been used or expired can no longer be used.

The first setting on this page controls this value, and defaults to 1 hr (60 minutes). It's important to note that this value only applied for actions the user initiates themselves - for actions such as an administrator/host created a new account or resetting a users password, the expiry for those mails is 24hrs. This longer period allows users a better opportunity to respond to the mail by clicking the reset link. If the link is expired, they can request a new one (which will then be valid for the "Reset link timeout" specified under "Membership management"), but the larger timeout for admin/host initiated actions will improve the chances the user can respond to the original email.

Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
New Post
11/8/2013 5:31 PM

Thanks Cathal - this is helpful.

Yes, I was aware of the expiry time setting. The basic problem we have, though, is from people requesting links twice in a row. Then, they get the first link and it doesn't work any more.

I'll submit a request and see where it goes.

Hope all's well,


New Post
11/10/2013 2:55 PM

Good idea Mike. Post a link to the idea here and I'll vote for you.

I would imagine it would be very frustrating for the end user and expensive for a support team if the email was not received quickly and then constantly stale by the time it came through.

New Post
11/25/2013 3:14 PM
So does anyone know if its possible to change the 24 hour time limit on the admin initiated registration? We are migrating over to a new website. Using an import utility to bring the membership in. It is generating a random password and sending out the reset link. Most of my users are checking their email within a few days but 1% of them are actually getting the reset token to work within the specified period.

How can I increase the 24 hour time limit to say a week?
HomeHomeDevelopment and...Development and...DNN Platform (o...DNN Platform (o...Password Reset LinkPassword Reset Link

These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out