<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I think this may have been fixed in 1.9 with the flow changes I
made. I don't have time to try it out right now though.<br>
<br>
<div class="moz-cite-prefix">On 2/10/2016 8:58 AM, Stian Thorgersen
wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAfiUdD6TJviSRf3j8erStY3atLzk3ygFEXCgwst+wnu-Q@mail.gmail.com"
type="cite">
<div dir="ltr">It's not about the error message though. It should
be possible to open the link multiple times as long as the form
is not submitted.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 10 February 2016 at 14:53, Bill
Burke <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> We changed the
"error" message in I think 1.9? Maybe 1.8 to say "You
clicked on a stale link. Maybe you have already verified
your email?" I'll look into improving this I guess.
<div>
<div class="h5"><br>
<br>
<div>On 2/10/2016 4:21 AM, Stian Thorgersen wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">It should be possible to open the
link multiple times, but only submit the password
reset once. If that's not the case (sounds like it
is) feel free to create a JIRA issue to report
this as a bug.<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 10 February 2016 at
05:24, Michael Anthon <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:michael.anthon@infoview.com.au"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:michael.anthon@infoview.com.au">michael.anthon@infoview.com.au</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">We are having
issues with some users when they are
attempting to use the password reset
feature. It does work for most users
however for some they always end up at an
error page saying "WE'RE SORRY ... An error
occurred, please login again through your
application"<br>
<br>
What I have been able to determine so far is
that for the affected users we are seeing a
double hit on that URL in the server logs
and from what I understand, these reset URLs
are invalidated as soon as they are
accessed.<br>
<br>
So here's the state of play<br>
* works for most users<br>
* some users hitting the reset URL twice<br>
* URL is only valid for the first access
(I'm not 100% sure about this, can someone
confirm please?)<br>
* URL is only valid for 30 minutes (but is
being accessed within a few minutes of
generation)<br>
* affected users are mostly using Outlook<br>
* some people tend to double click links in
emails but I've verified with a reliable
user that they are only clicking the link
once<br>
* having the affected person send themselves
another reset email and then copy and paste
the URL from the mail client usually
resolves this problem<br>
<br>
And questions<br>
* is this an issue anyone else has noticed
with Outlook, doesn't affect ALL Outlook
users, just some<br>
* is there a way to prevent the URL from
being invalidated on initial access<br>
* is it feasible to change the behavior so
that the URL is only invalidated when the
password is changed<br>
* any other thoughts on how to avoid this
issue?<br>
<br>
Thanks and Regards,<br>
<br>
Michael Anthon<br>
InfoView Technologies Pty Ltd<br>
12/15 Adelaide St, Brisbane Qld 4000<br>
P O Box 15478, City East, Brisbane Qld 4000<br>
PH: <a moz-do-not-send="true"
href="tel:%2B61%207%203014%202204"
value="+61730142204" target="_blank">+61 7
3014 2204</a><br>
F: <a moz-do-not-send="true"
href="tel:%2B61%207%203014%202200"
value="+61730142200" target="_blank">+61 7
3014 2200</a><br>
M: <a moz-do-not-send="true"
href="tel:%2B61%20408%20768%20055"
value="+61408768055" target="_blank">+61
408 768 055</a><br>
<a moz-do-not-send="true"
href="mailto:michael.anthon@infoview.com.au"
target="_blank">michael.anthon@infoview.com.au</a><br>
<br>
The information transmitted is intended only
for the person or entity to which it is
addressed and may contain confidential
and/or privileged material. Any review,
retransmission, dissemination or other use
of, or taking of any action in reliance
upon, this information by persons or
entities other than the intended recipient
is prohibited. If you received this in
error, please contact the sender and delete
the material from any computer. Any views or
opinions expressed in this email are solely
those of the author and do not necessarily
represent those of InfoView Technologies Pty
Ltd.<br>
<br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</div>
<span class="HOEnZb"><font color="#888888">
<pre cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a moz-do-not-send="true" href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a></pre>
</font></span></div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a class="moz-txt-link-freetext" href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></pre>
</body>
</html>