<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
We changed the "error" message in I think 1.9? Maybe 1.8 to say
"You clicked on a stale link. Maybe you have already verified your
email?" I'll look into improving this I guess.<br>
<br>
<div class="moz-cite-prefix">On 2/10/2016 4:21 AM, Stian Thorgersen
wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAdk_iN2vcR0i5t-3wriOe3xgQWAxPGWf1_D3sR62_s8JQ@mail.gmail.com"
type="cite">
<div dir="ltr">It should be possible to open the link multiple
times, but only submit the password reset once. If that's not
the case (sounds like it is) feel free to create a JIRA issue to
report this as a bug.<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 10 February 2016 at 05:24, Michael
Anthon <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:michael.anthon@infoview.com.au"
target="_blank">michael.anthon@infoview.com.au</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">We are
having issues with some users when they are attempting to
use the password reset feature. It does work for most
users however for some they always end up at an error page
saying "WE'RE SORRY ... An error occurred, please login
again through your application"<br>
<br>
What I have been able to determine so far is that for the
affected users we are seeing a double hit on that URL in
the server logs and from what I understand, these reset
URLs are invalidated as soon as they are accessed.<br>
<br>
So here's the state of play<br>
* works for most users<br>
* some users hitting the reset URL twice<br>
* URL is only valid for the first access (I'm not 100%
sure about this, can someone confirm please?)<br>
* URL is only valid for 30 minutes (but is being accessed
within a few minutes of generation)<br>
* affected users are mostly using Outlook<br>
* some people tend to double click links in emails but
I've verified with a reliable user that they are only
clicking the link once<br>
* having the affected person send themselves another reset
email and then copy and paste the URL from the mail client
usually resolves this problem<br>
<br>
And questions<br>
* is this an issue anyone else has noticed with Outlook,
doesn't affect ALL Outlook users, just some<br>
* is there a way to prevent the URL from being invalidated
on initial access<br>
* is it feasible to change the behavior so that the URL is
only invalidated when the password is changed<br>
* any other thoughts on how to avoid this issue?<br>
<br>
Thanks and Regards,<br>
<br>
Michael Anthon<br>
InfoView Technologies Pty Ltd<br>
12/15 Adelaide St, Brisbane Qld 4000<br>
P O Box 15478, City East, Brisbane Qld 4000<br>
PH: <a moz-do-not-send="true"
href="tel:%2B61%207%203014%202204" value="+61730142204">+61
7 3014 2204</a><br>
F: <a moz-do-not-send="true"
href="tel:%2B61%207%203014%202200" value="+61730142200">+61
7 3014 2200</a><br>
M: <a moz-do-not-send="true"
href="tel:%2B61%20408%20768%20055" value="+61408768055">+61
408 768 055</a><br>
<a moz-do-not-send="true"
href="mailto:michael.anthon@infoview.com.au">michael.anthon@infoview.com.au</a><br>
<br>
The information transmitted is intended only for the
person or entity to which it is addressed and may contain
confidential and/or privileged material. Any review,
retransmission, dissemination or other use of, or taking
of any action in reliance upon, this information by
persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact
the sender and delete the material from any computer. Any
views or opinions expressed in this email are solely those
of the author and do not necessarily represent those of
InfoView Technologies Pty Ltd.<br>
<br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a class="moz-txt-link-freetext" href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></pre>
</body>
</html>