c#, asp.net, asp.net-identity, asp.net-identity-2

Default Lifetime for token generated for reset password by an IUserTokenProvider


Does anyone know what the default lifetime of a token generated by IUserTokenProvider is? I'm using EmailTokenProvider to generate a token for resetting a password. But I can't seem to find out how long it will last for.

I understand it can be set on the DataProtectorTokenProvider by setting the property TokenLifespan.

Does it last forever for a token generated using EmailTokenProvider or is the default 24hrs?


Solution

  • After some of our users complained of invalid email tokens, I ran a few tests on the EmailTokenProvider and all of them came back at about 8 minutes, give or take a couple seconds.

    This is consistent with my own experience testing ASP.NET password reset forms manually and with the reports from our users.
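
A model of why a TOTP-style token provider would produce the roughly 8-minute lifetime reported above, as an added example that is not from the original post and is not ASP.NET Identity's own code. It assumes a 3-minute time step with two steps accepted either side of the current one (values not stated on the page); the class name, key and purpose string are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Model only; not ASP.NET Identity source code.
static class TotpWindowModel
{
    // Assumed values, not stated on the page: 3-minute step, +/-2 steps accepted.
    static readonly TimeSpan Step = TimeSpan.FromMinutes(3);
    const int Tolerance = 2;
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

    static long StepNumber(DateTime utc) => (utc - Epoch).Ticks / Step.Ticks;

    // RFC 4226-style truncation of HMAC-SHA1(key, step counter || purpose).
    static int Compute(byte[] key, long step, string purpose)
    {
        byte[] counter = BitConverter.GetBytes(step);
        if (BitConverter.IsLittleEndian) Array.Reverse(counter);
        byte[] msg = counter.Concat(Encoding.UTF8.GetBytes(purpose)).ToArray();
        using (var hmac = new HMACSHA1(key))
        {
            byte[] h = hmac.ComputeHash(msg);
            int o = h[h.Length - 1] & 0x0F;
            int bin = ((h[o] & 0x7F) << 24) | (h[o + 1] << 16) | (h[o + 2] << 8) | h[o + 3];
            return bin % 1000000;
        }
    }

    // A code is accepted if it matches any step within the tolerance of "now".
    static bool Validate(byte[] key, int code, string purpose, DateTime nowUtc)
    {
        long current = StepNumber(nowUtc);
        return Enumerable.Range(-Tolerance, 2 * Tolerance + 1)
                         .Any(i => Compute(key, current + i, purpose) == code);
    }

    static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-security-stamp"); // constructed sample
        foreach (int offset in new[] { 0, 60, 179 }) // seconds into the 3-minute step
        {
            DateTime issued = Epoch.AddDays(20000).AddSeconds(offset); // day 20000 is step-aligned
            int code = Compute(key, StepNumber(issued), "ResetPassword");
            int life = 0; // last second after issue at which the code still validates
            while (Validate(key, code, "ResetPassword", issued.AddSeconds(life + 1))) life++;
            Console.WriteLine($"issued {offset,3}s into step: accepted for {life / 60}m {life % 60}s");
        }
    }
}
```

Under these assumptions the lifetime is not a fixed value: it depends on how far into the current step the code was issued and falls between 6 and 9 minutes, which brackets the measurement in the answer.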