my question is concerning the built-in "Reset Password" mechanism that is available through the Form Login page of an Organization. Every time a user resets her password a new application key ("<username>resetToken") is created.
Question: Does this application key continue to exist forever on the platform or is there some built-in mechanism (e.g. scheduler) that automatically deletes these resetToken-appkeys?
Hi @IPA since it expires after a certain period, my understanding is that it gets cleaned up automatically i.e. if it has expired.
Is there any specific use case around this topic? Are you observing something odd?
Hi @supandey, you mean that there is some sort of internal scheduler that checks if the app keys has expired and if yes, it deletes them (and i mean completely delete the app key entity)? I did not see this happening.
The use case is that if users start resetting their passwords and the reset tokens are not cleaned up the platform will eventually get full of expired, not needed app keys, which of course require disk space. I do not think this is a good practice..
Expired token is deleted, whenever the next time user attempts to reset password for the associated account. So it should not stack up bunch of expired tokens.
...I did not see this happening.
By that do you mean, you do not see them getting deleted and there are bunch of expired appkeys listed for that user?
I mean that if there are 1000 users that have reset their password I will then have 1000 reset app keys lying around on the platform.