Level 75
Did you clear your config cache. But not sure on this, it should still behave the same, but try that.
May 4, 2025
8
Level 11
Reset Password Page Session does not expire
After requesting password reset, i noticed that after 60 minites the password reset link does not expire which is unusal.
Level 11
Still the same. @jlrdw
I just said let me tryout resetting password then i noticed that the token does not expire on the live server. Then i tested it locally clearing config cache. Nothing changes
Level 11
@jlrdw Apparently, it is a general laravel issue. I did a password reset on my account at laravel cloud, the same thing occured.
Level 14
how are you generating the password reset link?
Level 11
@krisi_gjika This will give you a better understanding. https://cloud.laravel.com/sign-in
Request for password reset. Then the link in the mail sent to you is meant to expire in 15 minutes but check back after 15 minutes, the link is still active (It does not expire)
Level 14
@jsanwo64 you are saying that you are using a temporarySignedRoute and the route is not expiring? Show some code to reproduce the issue
Level 11
@krisi_gjika I just gave you an example here. if you have a laravel app, do the same logic and you will get the same result of what i was talking about.
Level 9
"Link expired" and "Reset token expired" are different issues.
Since temporarySignedRoute() is not used, the link will not expire.
https://github.com/laravel/framework/blob/12.x/src/Illuminate/Auth/Notifications/ResetPassword.php
The reset token will be invalidated if you delete the token with the Artisan command. https://laravel.com/docs/12.x/passwords#deleting-expired-tokens
You can also expire the link by customizing createUrlUsing().
1 like
Please or to participate in this conversation.