Password reset done in 2 stages?
-
Hello,
I am wondering why the password reset process seems to be done in two stages:
1) Verify the hash and password key, set the wp-resetpass-* cookie, and redirect to the same URL without the hash/user_id.
2) Let the user enter their new password, get the cookie, check the password key again, clear the cookie, then finally reset the user password.Is this done to follow what WP does for password reset?
There seems to be a similar question here:
https://wordpress.stackexchange.com/questions/308597/why-does-wordpress-hide-the-reset-password-key-from-the-url
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Password reset done in 2 stages?’ is closed to new replies.
