OJS3.2 Reset Password Link expired but a new password was sent out

Dear all,

This problem was posted a while ago pertaining to OJS2.4.7 (OJS 2.4.7 Reset Password Link expired).

However, I am having OJS3.2.1.1 and when a user reset his/her password, the link that they clicked on was expired. I did the same to my own account and clicked on the link immediately and was indicated as expired. Having said that, I did receive a new password that I could use to log in to change into a new one. Therefore, the expired password reset link seemed to be working but why stated as expired?

In the config file, I have set the reset_seconds to 7200. Perhaps this is a bug?

Hope to get clarification on the matter.

Hi @neuroscirn,

The most common cause for this is that users get impatient waiting for the expiry email to be received, then click the button again. Then the first email arrives but the link has already expired because a second email has been sent. Can this be the case in your experiment?

Alec Smecher
Public Knowledge Project Team

Hi @asmecher,

Not really, I did the same and I clicked only once. Immediately I received the email link, I clicked the link and the first thing that came through was the expired message. But, the new password was somehow sent over. You can also test this out yourself here https://neuroscirn.org/ojs/index.php/nrnotes/login. You can register a dummy account for it.


1 Like


Same problem here.
Are you using MySQL or postgres?

Tarcisio Pereira

Hello, I am using MySQL.

Still remains in OJS version 3.2.1-1