+1 Would also be nice if there was a way to "clear / invalidate" current token for a given user
On Wednesday, September 20, 2017 at 10:56:21 PM UTC-4, Zhiqiang Liu wrote: > > I need general consensus on how to proceed with supporting password expire > time to be under a day. Currently it is not possible because we use > PASSWORD_RESET_TIMEOUT_DAYS. > > In ticket 28622 <https://code.djangoproject.com/ticket/28622> we have two > options. > > One is to continue to use the same setting PASSWORD_RESET_TIMEOUT_DAYS, > but change the value to non-integer (such as timedelta) so we can send > hours, minutes, etc to it. > > The other one is to create a new setting like PASSWORD_RESET_TIMEOUT which > takes seconds.To support backward compatibility, I think we should keep > PASSWORD_RESET_TIMEOUT_DAYS and its default value of 3. Only use > PASSWORD_RESET_TIMEOUT when provided. > > I'm unsure which one is better, so inputs are welcome. > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/fab5e09c-2170-4572-a551-edb4f1cd9a74%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
