Confirmation emails should expire

Bug #781438 reported by François Marier on 2011-05-12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
François Marier

Bug Description

Right now, messages sent to confirm one's email address don't expire.

They should expire in 24 or 48 hours:

- enforced in the verification code
- old unconfirmed email addresses should be removed on cron (bug 769771)
- email messages sent out should have some expiry headers to inform mail clients

The expiry headers are listed here:

Changed in libravatar:
assignee: nobody → François Marier (fmarier)
François Marier (fmarier) wrote :

The Mozilla secure coding guidelines recommend expiring them after 8 hours:

Changed in libravatar:
importance: Low → Medium
Changed in libravatar:
assignee: François Marier (fmarier) → nobody
description: updated
Changed in libravatar:
assignee: nobody → François Marier (fmarier)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers